HTTP to HTTPS forwarding behind load balancer on port 443

I have a load balancer listening on both ports 80 and 443, but due to security policy, traffic between the load balancer and the web servers must be encrypted. I'm trying to create a redirect from http to https, but the usual methods don't work, presumably because IIS cannot distinguish original requests from http vs https. This is due to the fact that by the time the request arrives at the web server, it is already encrypted and goes down to port 443.

Right now I am using the modded rewrite module in web.config and the redirect works fine for 80-> LB-> 80 traffic but not 80-> LB-> 443 traffic.

Here's my web.config:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="HTTP to HTTPS redirect" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>

      

Please note, something I like about the web.config solution (if it can be changed to work in 80-> LB-> 443) is that the redirect works for non-ASP.NET pages too.

Any ideas?

+3




1 answer


I believe you can configure your load balancer to redirect from http to https. Alternatively, you can configure the load balancer to send an additional HTTP header or CGI variable that indicates safe and not secure.



0
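The header-based option from the answer above, written as a web.config rule. This is an added example, not part of the original answer. It assumes the load balancer is configured to set an `X-Forwarded-Proto` request header (a common convention; the header name is an assumption here) and to overwrite any value the client supplies.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Assumption: the load balancer sets X-Forwarded-Proto to "http"
             or "https" on every request it forwards, replacing any value
             sent by the client. -->
        <rule name="HTTP to HTTPS redirect behind LB" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <!-- {HTTPS} is always "on" here because the LB-to-server hop is
                 encrypted, so test the forwarded protocol instead. URL Rewrite
                 exposes the X-Forwarded-Proto header as
                 {HTTP_X_FORWARDED_PROTO}. Only an explicit "http" triggers the
                 redirect; requests without the header are not redirected. -->
            <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="true" />
          </conditions>
          <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The rule trusts the header, so the web servers should accept connections only from the load balancer; otherwise a client reaching them directly can set the header itself. Because the rule lives in the URL Rewrite module, it applies to non-ASP.NET content as well.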

