All geek questions in one place

RequireHttps calls a redirect loop to the Amazon load balancer

I have an ASP.NET MVC 4 application running behind Amazon's elastic load balancer. Everything works fine when I install my SSL certificate on the load balancer and the web server and complete the SSL at the web server level.

However, when I try to shut down at the load balancer level, redirecting internal traffic from the load balancer to unencrypted web servers on port 80, the RequireHttps attribute causes a redirect loop. This seems to make sense, as it requests an encrypted channel and does not know that it receives one (between the browser and the load balancer). Has anyone encountered this problem? Any suggestions would be appreciated!

Edit: solution

The following links may be useful to anyone who encounters this problem:

MVC3, RequireHttps and custom handler result in http 310

https://gist.github.com/915869

+6
source share
3 answers

It seems that to use this feature in AWS, you are looking at the "X-Forwarded-Proto" HTTP header element. If the original request is HTTPS, the load balancer enters the header and it says “https”. If it is HTTP, it says "http".

The answer is found here: http://aws.typepad.com/aws/2010/10/keeping-customers-happy-another-new-elastic-load-balancer-feature.html

+7
source

I ran into the same problem that I found that the following RequireHttpsAttribute filter worked for me.

public class SSLFilter : RequireHttpsAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (filterContext.HttpContext.Request.IsLocal || (filterContext.RequestContext.HttpContext.Request.Headers.AllKeys.Contains("X-Forwarded-Proto") && filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Forwarded-Proto").ToLower().Equals("https"))) { return; } base.OnAuthorization(filterContext); } }
+4
source

I suggested a solution for this in the following link: fooobar.com/questions/923874 / ...

What says:

You can get around this by adding the following lines to ConfigureServices in Startup.cs (and add "using Microsoft.AspNetCore.HttpOverrides;")

 services.Configure<ForwardedHeadersOptions>(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedProto; });
0
source

Source: https://habr.com/ru/post/923871/

More articles:


All Articles