IIS Rewrite Module to Redirect HTTP to HTTPS on AWS ELB

4/28/2017 3:02:53 PM

The following is an IIS Rewrite Module rule for redirecting HTTP request to HTTPS. This is specifically for use with AWS ELB. Since all (usually) requests between the ELB and the EC2 Host are over port 80, you must check the value of the "HTTP_X_FORWARDED_PROTO" header. This shows the protocol used by client.

Some additional comments.

  •  Match Url: robots.txt is the file used by the ELB to check the health of the EC2 host. If this file is being requested, the rule is negated (not applied). It will match all other requests.
  • If the HTTP_X_FORWARDED_PROTO header has a value of https, this rule is negated.
  • If the REMOTE_HOST value is localhost, this value is negated. This is to ensure the rule is disabled during local development.
  • REMOTE_ADDR rules negates the rule for local dev.
  • HTTP_HOST rule negates the rule for local dev.
  • Redirect type is Permanent.
  • {REQUEST_URI} will append everything from the original request.
  • appendQueryString = false to ensure IIS doesn't append the query string ({REQUEST_URI} will take care of the query string.

* The commented out section of the rule contains a hardcoded host name. This may be needed if you are dealing with an IP Leak. This will prevent a private IP from "leaking" and being returned in the response headers.

<!--<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />-->

<system.webServer>

	<rewrite>
		<rules>
			<rule name="Redirect to HTTPS" enabled="true" stopProcessing="true">
				<match url="robots.txt" negate="true" />
				<conditions>
					<add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
					<add input="{REMOTE_HOST}" pattern="localhost" negate="true" />
					<add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
					<add input="{HTTP_HOST}" pattern="localhost" negate="true" />
				</conditions>
				<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
				<!--<action type="Redirect" url="https://www.example.com/{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />-->
			</rule>
		</rules>
	</rewrite>
	
</system.webServer>