Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer


Problem description

How do you use IIS's url rewrite module to force users to use ssl while you are behind an elastic beanstalk load balancer?

Recommended answer

This is more difficult than it sounds for a few reasons. One, the load balancer is taking care of ssl so requests passed from the load balancer are never using ssl. If you use the traditional rewrite rule you will get an infinite loop of redirects. Another issue to contend with is that the AWS healthcheck will fail if it receives a redirect response.

  1. The first step in the solution is to create a healthcheck.html page and set it in the root directory. It doesn't matter what the content is.
  2. Set your load balancer to use the healthcheck.html file for health checks.
  3. Add the rewrite rule below in your web.config's <system.webServer><rewrite><rules> section:

<rule name="Force Https" stopProcessing="true">
   <match url="healthcheck.html" negate="true" />
   <conditions>
       <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
   </conditions>
   <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>

Notice that the rule match is on anything but our healthcheck file. This makes sure the load balancer's health check will succeed and not mistakenly drop our server from the load.

The load balancer passes the X-Forwarded-Proto value in the header which lets us know if the request was through https or not. Our rule triggers if that value is not https and returns a permanent redirect using https.
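
The behaviour described in the answer above, modelled as an added example that is not part of the original answer or of any AWS or IIS code. The function names are hypothetical, and two things are assumptions of the model: URL Rewrite patterns are treated as unanchored, case-insensitive regexes, and the balancer's health probe is treated as arriving without an X-Forwarded-Proto header.

```python
import re

# Modelling assumption: URL Rewrite patterns are unanchored, case-insensitive
# regexes, and <match url> sees the path without its leading slash.
HEALTHCHECK = re.compile(r"healthcheck.html", re.I)

def traditional_rule(path, backend_tls, xfp):
    """Classic rule: redirect whenever the connection reaching IIS is not TLS."""
    return not backend_tls

def forwarded_proto_rule(path, backend_tls, xfp):
    """The answer's rule: skip healthcheck.html, else redirect unless
    X-Forwarded-Proto contains "https"."""
    if HEALTHCHECK.search(path.lstrip("/")):
        return False
    return re.search("https", xfp or "", re.I) is None

def follow(rule, scheme, path, max_hops=5):
    """Client -> TLS-terminating load balancer -> IIS. Returns (status, redirects);
    status is "loop" when the client gives up after max_hops redirects."""
    for hops in range(max_hops):
        # The balancer always speaks plain HTTP to IIS and reports the
        # client's scheme in X-Forwarded-Proto.
        if not rule(path, backend_tls=False, xfp=scheme):
            return 200, hops
        scheme = "https"  # client follows the 301 to https://
    return "loop", max_hops

def health_check(rule, path):
    """Balancer probe: plain HTTP, assumed to carry no X-Forwarded-Proto."""
    return 301 if rule(path, backend_tls=False, xfp=None) else 200

if __name__ == "__main__":
    print(follow(traditional_rule, "http", "/"))        # never reaches 200
    print(follow(forwarded_proto_rule, "http", "/"))    # one redirect, then 200
    print(health_check(forwarded_proto_rule, "/healthcheck.html"))
    print(health_check(forwarded_proto_rule, "/"))      # probe would fail
    # Unanchored match: any path containing the name is exempt as well.
    print(forwarded_proto_rule("/docs/healthcheck.html", False, "http"))
```

The last line shows that, under this model, the unanchored pattern exempts every path containing healthcheck.html from the redirect, not only the file in the root. Anchoring the pattern as ^healthcheck\.html$ limits the exemption to that one file.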
