Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
611 views
in Technique[技术] by (71.8m points)

.htaccess - AWS Elasticbeanstalk single instance Force SSL Redirect loop

I'm having issues by forcing ssl. I'm using codeigniter and deployed it in AWS single instance with elasticbeanstalk. My htaccess rules below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

But browser gets in a redirect loop. Whatever i tried didnt solve this problem.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

As I mentioned in my comment:

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through the port 80 (at least, that's what I understood).

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during a HTTPS request (but they are NOT set during a HTTP request), meanwhile SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during a HTTPS request (but they are set to different values for HTTP requests).

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER}   !^$

or

RewriteCond %{ENV:SERVER_ADDR}   !^127.0.0.1

BEWARE: I couldn't find any reference in AWS documentation, it's just an empiric result... they can easily change this behavior!

Happy coding! :)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...