当您在弹性 beantalk 负载均衡器后面时,您如何使用 IIS 的 url 重写模块强制用户使用 ssl?
How do you use IIS's url rewrite module to force users to use ssl while you are behind an elastic beanstalk load balancer?
推荐答案由于一些原因,这比听起来要困难得多.一,负载平衡器负责 ssl,因此从负载平衡器传递的请求永远不会使用 ssl.如果您使用传统的重写规则,您将获得无限循环的重定向.另一个需要解决的问题是,如果收到重定向响应,AWS 运行状况检查将失败.
This is more difficult than it sounds for a few reasons. One, the load balancer is taking care of ssl so requests passed from the load balancer are never using ssl. If you use the traditional rewrite rule you will get an infinite loop of redirects. Another issue to contend with is that the AWS healthcheck will fail if it receives a redirect response.
在 web.config 的 部分添加以下重写规则:
Add the rewrite rule below in your web.config's <system.webServer><rewrite><rules> section: <rule name="Force Https" stopProcessing="true"> <match url="healthcheck.html" negate="true" /> <conditions> <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" /> </conditions> <action type="Redirect" url="{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" /> </rule>
请注意,除了我们的健康检查文件之外,规则匹配的任何内容.这可以确保负载平衡器的健康检查成功,并且不会错误地将我们的服务器从负载中删除.
Notice that the rule match is on anything but our healthcheck file. This makes sure the load balancer's health check will succeed and not mistakenly drop our server from the load.
负载均衡器在标头中传递 X-Forwarded-Proto 值,它让我们知道请求是否通过 https.如果该值不是 https 并返回使用 https 的永久重定向,我们的规则就会触发.
The load balancer passes the X-Forwarded-Proto value in the header which lets us know if the request was through https or not. Our rule triggers if that value is not https and returns a permanent redirect using https.
更多推荐
在弹性 beantalk 的负载均衡器中通过 IIS 中的 url 重写重定向到 https
发布评论