DEV Community

John Smith
John Smith

Posted on • Originally published at solrevdev.com on

2 3

Force HTTP To HTTPS Redirect Via AWS Elastic Load Balancer

#aws #iis #https #ssl

Forcing HTTP to HTTPS redirect on IIS via AWS Elastic Load Balancers

Today I replaced an aging ASP.NET web forms web application with a new static site which for now is just a landing page with a contact form and in doing so needed to force any insecure HTTP requests to HTTPS.

A bit of a gotcha was an error on the redirect and the issue was the HTTP_X_FORWARDED_PROTO header also needed to be forwarded along with the redirect.

For example :

<conditions logicalGrouping="MatchAny">
   <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
   <add input="{HTTPS}" pattern="on" />
</conditions>

Next up, I needed to redirect any users who were going to .aspx pages that no longer existed to a custom 404 HTML page not found page.

This just needed adding to web.config like so :

  <system.web>
      <compilation targetFramework="4.0" />
      <customErrors mode="On" redirectMode="ResponseRewrite">
         <error statusCode="404" redirect="404.html" />
      </customErrors>
   </system.web>

   <system.webServer>
      <httpErrors errorMode="Custom">
         <remove statusCode="404"/>
         <error statusCode="404" path="/404.html" responseMode="ExecuteURL"/>
      </httpErrors>
   </system.webServer>

So here it is for the next time I have to do something similar, This is the full web.config that needs to in the root folder of the site.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <compilation targetFramework="4.0" />
        <customErrors mode="On" redirectMode="ResponseRewrite">
            <error statusCode="404" redirect="404.html" />
        </customErrors>
    </system.web>
    <system.webServer>
        <httpErrors errorMode="Custom">
            <remove statusCode="404"/>
            <error statusCode="404" path="/404.html" responseMode="ExecuteURL"/>
        </httpErrors>
        <rewrite>
            <rules>
                <rule name="HTTPS Rule behind AWS Elastic Load Balancer" stopProcessing="true">
                    <match url="(.*)" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
                        <add input="{HTTPS}" pattern="on" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

And to test that the site works I entered it onto https://www.whynopadlock.com/ which gave me the confidence that all was well.

Success 🎉

profile
AWS
 Promoted

AWS Security LIVE!

Tune in for AWS Security LIVE!

Join AWS Security LIVE! for expert insights and actionable tips to protect your organization and keep security teams prepared.

Learn More

Top comments (0)

profile
Postmark
 Promoted

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Read next

jatinmehrotra profile image

EKS Auto Mode Unlocked for Existing Clusters with Terraform

Jatin Mehrotra -

rutvikmakvana4 profile image

Deploying a Node.js Application on AWS EC2 Using Tabby SSH Client

Rutvik Makvana -

094459 profile image

Amazon Q Developer Tips: No.14 Navigating through your prompt history

Ricardo Sueiras -

iaasgeek profile image

re:Invent 2024 Keynotes: Dr. Werner Vogels

Guillermo Ruiz -