Did that Elastic Load Balancer request come over HTTPS or HTTP?

Amazon’s Elastic Load Balancer supports SSL. But it is the SSL endpoint, so when ELB forwards an HTTPS request to a server, it turns it into an HTTP request.

Often, it is necessary to know if the request was HTTPS or HTTP. For example, if you’re working on an oauth system or you’d like to make sure people are entering their credit card information on HTTPS pages.

Fortunately, the ELB service adds two headers to the request: X-Forwarded-Proto and X-Forwarded-Port.

If X-Forwarded-Proto is “https”, then it was an HTTPS request.

(There’s a litte more info on the aws blog.)

Comments? Send us a tweet.


New Twitter Account @stathat
go tool package matching