How can I force all requests to be SSL when using EC2 load balancer?
- by chris
I currently have a single EC2 instance which is forcing all requests to be secure by using mod_rewrite:
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
I am planning on moving to a load balanced setup, with multiple back-end instances. If I set up my EC2 load balancer with my certs, do I need to use SSL to communicate between the LB and my instances?
If not, is it as simple as replacing the RewriteCond with
RewriteCond %{HTTP:X-Forwarded_Proto} ^http$
Edit: I tried using the x-forwarded-proto, but it does not appear to work. Is there another way to detect if someone is connected to the LB via SSL?