uniform mod_rewrite HTTP access to HTTPS

I am editing .htaccess, but it doesn't work the way I want, so I would like to ask for your help.

What do you want to do:

Unify HTTP access to HTTPS

Conditions:

Redirect loop.

environment:

SSL configured on AWS load balancer
Apache 2.4
Lavel 5.1 LTS
.htaccess is editing what matches Ravel 5.1.

others:

.htaccess and logs.

.htaccess

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options - MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCon%{REQUEST_FILENAME}!-d
    RewriteRule^(.*)/$/$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond%{HTTPS} on # For HTTPS Access
    RewriteCon%{REQUEST_FILENAME}!-d
    RewriteCond%{REQUEST_FILENAME}!-f# file does not exist
    RewriteRule.index.php[L]# RewriteIndex.php to exit

    RewriteCond%{HTTPS} off# For HTTP access
    RewriteCon%{REQUEST_FILENAME}!-d
    US>RewriteCon%{REQUEST_FILENAME}!-f
    Redirect to RewriteRule.https://%{HTTP_HOST}%{REQUEST_URI}[L,R]# https://Hostname/URI and exit

</IfModule>

Logs (Main parts extracted)

add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'^(.*)/$'touri' path/to'
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'on' = > not-matched
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'off' = > matched
RewriteCond: input='/var/www/html/path'pattern='!-d'=>matched
RewriteCond: input='/var/www/html/path'pattern='!-f'=>matched
rewrite 'path/to' - > 'https://myhostname/path/to'
explicitly forcing redirect with https://myhostname/path/to
escaping https://myhostname/path/to for redirect
redirect to https://myhostname/path/to [REDIRECT/302] --> Looping to this point
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'^(.*)/$'touri' path/to'
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'on' = > not-matched
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: I should have redirected it with input='off' pattern='off'=>matched -->https...
RewriteCond: input='/var/www/html/path'pattern='!-d'=>matched
RewriteCond: input='/var/www/html/path'pattern='!-f'=>matched
rewrite 'path/to' - > 'https://myhostname/path/to'
explicitly forcing redirect with https://myhostname/path/to
escaping https://myhostname/path/to for redirect
redirect to https://myhostname/path/to [REDIRECT/302]
・
・
of the same thing, to continue endlessly

Also, I don't understand .htaccess well, and I feel that the description is redundant, so please let me know if there is a smarter way to describe it.
Thank you for your cooperation.

aws apache

2022-09-30 21:15

2 Answers

I didn't actually try it, so I just looked it up online...

SSL Configured on AWS Load Balancer

I think this is the cause.Whether the client connects to ELB via HTTPS, the instance behind it will receive requests via HTTP.Naturally, %{HTTPS} is always off, so redirects occur indefinitely.To determine if the client-to-ELB connection is HTTPS, you must use the HTTP header X-Forwarded-Port or X-Forwarded-Proto to which the ELB attaches.

X-Forwarded Header for Elastic Load Balancing - Elastic Load Balancing

ELB itself also periodically sends requests for health checks.This request does not have the header X-Forwarded-** but must return 200.

Other things I'm curious about are

Redirecting to HTTPS should be done not only for URLs through Ravel but also for real files, so it is better not to have !-d!-f.Also, the pattern . does not match http://hoge.com/, so you must use .* or ^.
Redirecting to HTTPS is permanent, so 301 redirect is appropriate.
By processing and terminating the redirect to HTTPS first, you can skip a decision like RewriteCond%{HTTP}off.

To sum up, how about the following?

Redirect if connected via http to #ELB
# (HealthCheck should be false as it does not have the header)
RewriteCond%{HTTP:X-Forwarded-Port} = http
RewriteRule^https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# remove the last / except for the actual folder
RewriteCon%{REQUEST_FILENAME}!-d
RewriteRule^(.*)/$/$1 [L,R=301]

# Larvel handles all non-existent paths
RewriteCon%{REQUEST_FILENAME}!-d
US>RewriteCon%{REQUEST_FILENAME}!-f
RewriteRule.index.php [L]

Note How to configure HTTPS (SSL) communication using AWS Elastic Load Balancer and Apache - komiyak's path

2022-09-30 21:15

In the public folder, add the following code to the .htaccess file:

RewriteEngine On

# Redirect to https
RewriteCond%{HTTP:X-Forwarded-Proto}!https
RewriteRule^(.*)$https://%{HTTP_HOST}/$1 [R=301,L]

Try editing the web server settings for another method.For example, a file with the Nginx configuration.

server{
 listen80;
 server_name domain.net www.domain.net;
 rewrite^(.*)https://domain.net $1 permanent;
}

You can also change Apache settings.

2022-09-30 21:15

If you have any answers or tips

Popular Tags

python x 4647

android x 1593

java x 1494

javascript x 1427

c x 927

c++ x 878

ruby-on-rails x 696

php x 692

python3 x 685

html x 656