Apache DirectorySlash redirects HTTPS requests back to HTTP

amazon-elbapache-2.2httphttpsredirect

User Request: https://www.example.com/test

HTTPS requests --> AWS ELB HTTPS Listener --> Apache HTTP

Apache getting http://www.example.com/test

Apache redirect it to http://www.example.com/test/ due to DirectorySlash is On by default.

User ends up with a HTTP request: http://www.example.com/test/

AWS provides a HEAD to detect origin request protocol: %{HTTP:X-Forwarded-Proto}, but how do I tell Apache mod_dir DirectorySlash to use that Header?

Please advise your solution or workaround in this scenario.

Best Answer

Since rewrite will kick in before DirectorySlash, here is what ended up with and it works:

# Redirect to HTTPS before Apache mod_dir DirectorySlash redirect to HTTP
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteCond %{LA-U:REQUEST_FILENAME} -d
RewriteRule ^/(.*[^/])$ https://%{HTTP_HOST}/$1/ [R=301,L,QSA]

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

WordPress – Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin

I would hazard a guess without you posting your ELB configuration that the ELB is redirecting HTTPS (443/tcp) traffic to the EC2 instance on HTTP (80/tcp). Then you're .htaccess and plugin are trying to redirect it back to HTTPS because it is being seen over HTTP.

Go take a look at your EC2 console under Network & Security > Load Balancers and I would imagine you'll see the Port Configuration says something along the lines of 443 forwarding to 80 (HTTPS, Certificate: blah)

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

WordPress – Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin

Related Topic