Detect HTTPS without SSL Termination

Question

I am trying to find out if https is in the address bar, as I have SSL termination before the HAPROXY, but I want HAPROXY to do the redirect if it is HTTP (a bit of an odd request i know).

I tried the: redirect scheme https if !{ ssl_fc }

But it ends up in a never ending loops because it the packets already don't have SSL. Is there another way to get the prefix on a address bar? Also it does it for multiple domains, so trying to do this with a wildcard.

Michael - sqlbot Michael - sqlbot · Accepted Answer · 2016-05-27T11:45:31

I have SSL termination before the HAPROXY

I assume you mean SSL is terminated on an ELB?

If so:

redirect scheme https unless { hdr(x-forwarded-proto) -m str https }

ELB in http mode adds X-Forwarded-Proto: https on SSL connections. The value is set to http otherwise. Generate a redirect unless the header value matches what you expect.

Detect HTTPS without SSL Termination

1 Answers