Apache redirects from HTTPS to HTTP when adding trailing slash to directory

amazon-elbapache-2.4

I am using Apache using Docker on AWS. The Apache listens on port 80 and serves HTTP.

The Apache is behind an AWS ELB load balancer, which listens only on port 443 serving HTTPS.

When I request https://example.com/foo/ (with trailing slash) it works fine, my content is served.

When I request https://example.com/foo (without trailing slash) it redirects to http://example.com/foo/ – that is to say it adds the trailing slash (correctly) but redirects from HTTPS to HTTP (incorrect).

What can I do about that?

My Dockerfile is

FROM httpd:2.4
COPY . /usr/local/apache2/htdocs/

When I do the request via curl:

$ curl -v https://example.com/foo
*   Trying 1.2.3.4...
* TCP_NODELAY set
* Connected to example.com (1.2.3.4) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: example.com
* Server certificate: Amazon
* Server certificate: Amazon Root CA 1
* Server certificate: Starfield Services Root Certificate Authority - G2
> GET /foo HTTP/1.1
> Host: example.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 28 Nov 2017 09:17:26 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 247
< Connection: keep-alive
< Server: Apache/2.4.29 (Unix)
< Location: http://example.com/foo/
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://example.com/foo/">here</a>.</p>
</body></html>
* Connection #0 to host example.com left intact

Thanks in advance.

Best Answer

< Server: Apache/2.4.29 (Unix)
< Location: http://example.com/foo/

This is your back-end Apache speaking. It doesn't understand your client is using HTTPS and does the redirection as it was working standalone. Without providing any of your configuration it's hard to tell how the redirection is done, but you have to modify it to redirect to the https://, instead.

This (not the but a) solution from AWS knowledge center may guide you a step forward. While the original issue is a bit different, the provided resolution probably applies to this case, too.

How do I redirect HTTP traffic on my server to HTTPS on my load balancer?

Resolution

Using the X-Forwarded-Proto header of the HTTP request, change your web server’s rewrite rule to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.

This way, if clients use HTTP to access your website, they are redirected to an HTTPS URL, and if clients use HTTPS, they are served directly by the web server.

Apache

<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
...
</VirtualHost>
Related Topic