Redirecting HTTP requests to use HTTPS in IIS behind an Elastic Load Balancer

There are plenty of examples of using the URL Rewrite module to redirect HTTP requests to use HTTPS instead in IIS, however they all seem to rely on checking the {HTTPS} IIS server variable to determine if the request used HTTPS or not. If your IIS server is behind an Elastic Load Balancer in AWS HTTPS requests are converted to HTTP at the load balancer and the previous examples do not work.

Instead of checking the {HTTPS} variable you can instead look for the custom header X-Forwarded-Proto that Elastic Load Balancer adds with the protocol used between the client and the load balancer. You can configure this behaviour by adding the following rule into the <system.webServer> <rewrite> <rules> section of your web.config.

Advertisements
Redirecting HTTP requests to use HTTPS in IIS behind an Elastic Load Balancer