Setup within the AWS ecosystem is multiple web sites across 2 domains using ELB, SSL, IIS & ASP.NET across 2 EC2 instances.

After a security audit, we discovered our cookies weren't set to secure, so I set up a URL rewrite to look for the appropriate header from ELB and set HTTPS to true. The problem is, users started getting emails stating https://www.test.com:80/ as the domain and unfortunately, we have too many references to Request.Url to make a change quickly.

Obviously IIS requires a different IP address (or port number) to host 2 SSL certificates. If we change the port number, we'll still have the same issue, so we were hoping to add a secondary IP address and point ELB to use it, but that doesn't appear to be supported. I'm fairly new to AWS, so I was hoping someone could give me some direction in terms of getting SSL to terminate within IIS on ELB.

So what I am asking is, is there a way to get ELB to use a specific IP Address instead of a generic EC2 instance which uses the primary IP Address?

Thank you in advance,

Andrew

1 Answer

"If we change the port number, we'll still have the same issue,"

No, you wouldn't.

Set up a second ELB using standard ports toward the Internet and custom ports toward the instance(s).

3 Comments

In ASP.NET wouldn't Request.Url return test.com:44300 if you used 44300 as the port number?
Well, it shouldn't be, because the port used for connecting to the instance by the balancer shouldn't appear in the Host: header, because the balancer shouldn't put it there -- unlike what would be expected if you pointed a browser directly at example.com:43000, in which case it would. Probably worth investigating. I run non-MS web servers behind ELB on strange ports and have never even considered this something to expect to be broken.
However, this follow-up does potentially explain what you were talking about with regard to https://www.test.com:80/, which, previously, made no sense to me at all.
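
An added example, not code from the question or the answer: the https://www.test.com:80/ symptom next to a URL rebuilt from the Host header plus the X-Forwarded-Proto and X-Forwarded-Port headers that ELB adds. `ForwardedUrl`, `Naive` and `FromBalancer` are hypothetical names, the request values are constructed, and the Host header is assumed to carry a DNS name.

```csharp
using System;
using System.Collections.Generic;

public static class ForwardedUrl
{
    // Symptom from the question: scheme forced to https while the port is
    // still the one the balancer used to reach the instance (80).
    public static Uri Naive(string host, int backendPort, string pathAndQuery)
    {
        return new Uri("https://" + host + ":" + backendPort + pathAndQuery);
    }

    // Client-facing URL built only from what the browser and balancer report;
    // the back-end listener port never enters the result.
    public static Uri FromBalancer(IDictionary<string, string> headers, string pathAndQuery)
    {
        string proto;
        if (!headers.TryGetValue("X-Forwarded-Proto", out proto) || proto != "https")
            proto = "http"; // anything other than an explicit "https" is treated as plain HTTP

        // Host: is what the browser sent; drop a port if it carries one.
        string host = headers["Host"];
        int colon = host.LastIndexOf(':');
        if (colon > 0 && !host.EndsWith("]")) host = host.Substring(0, colon);

        // Port the client connected to on the balancer, else the scheme default.
        string raw;
        int port;
        if (!headers.TryGetValue("X-Forwarded-Port", out raw) ||
            !int.TryParse(raw, out port) || port < 1 || port > 65535)
            port = proto == "https" ? 443 : 80;

        // System.Uri leaves the port out of the string when it is the scheme default.
        return new Uri(proto + "://" + host + ":" + port + pathAndQuery);
    }

    public static void Main()
    {
        // Constructed request, as an instance behind the balancer would see it.
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "Host", "www.test.com" },
            { "X-Forwarded-Proto", "https" },
            { "X-Forwarded-Port", "443" }
        };
        Console.WriteLine(Naive("www.test.com", 80, "/reset?id=1"));
        Console.WriteLine(FromBalancer(headers, "/reset?id=1"));
    }
}
```

The X-Forwarded-* values are only trustworthy when the instance accepts traffic from the balancer alone (for example, a security group that admits only the ELB); a client that can reach the instance directly can set them to anything.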
