阻止Elastic Load Balancer显示内部专用IP
引起我注意的是,即使在私有子网中,ELB后面的ec2实例的内部IP也会在发出特定类型的请求时显示出来.特别是一个HOST值为空的
It's come to my attention that the internal IP of ec2 instances behind an ELB, even when in a private subnet, are revealed when a particular type of request is issued. specifically one with an empty HOST value.
telnet site_url 80
GET / HTTP/1.0
返回的标头:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=1209600
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 26 Mar 2015 18:47:22 GMT
Expires: Thu, 09 Apr 2015 18:47:22 GMT
Location: https://10.0.7.35/
Server: Apache
Content-Length: 226
Connection: Close
自然地,这也会在443上打开ssl请求时发生.
Naturally this occurs with an open ssl request on 443 as well.
有人知道解决此问题的方法或锻炼方法吗?我知道IIS会遭受相同的症状,但是我的问题是特定于AWS ELB的.
Is anyone aware of a resolution or workout for this problem? I know IIS suffers from the same symptoms but my problem is specific to AWS ELBs.
Apache重定向以强制HTTPS.
Apache redirect to force HTTPS.
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_ADDR} !^127\.0\.0\.1
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
这确实与ELB无关,与Apache无关,这显然是返回此信息的原因(因此,输出).
This really has nothing to do with the ELB and everything to do with Apache, which is clearly what is returning this information (hence the server: Apache line in the output).
您显然在Apache配置中定义了某种重定向,以将流量从端口80重定向到端口443.您可能应该更新问题,使其包含Apache配置文件的相关部分,包括所有重写规则, ServerName,.htaccess设置等.
You obviously have some sort of a redirect defined in your Apache configuration to redirect traffic from port 80 to port 443. You should probably update your question to include the relevant portions of your Apache configuration file(s) including any Rewrite rules, ServerName, .htaccess settings, etc.
您在重写规则中使用HTTP_HOST,它与请求中提供的主机相对应.在您提供的示例中,您没有提供主机,因此请尝试这样做:
You're using HTTP_HOST in your rewrite rule, and that corresponds to the host that's provided in the request. In the example you provided you're not providing a host, so try doing this instead:
$ telnet www.example.com 80
GET / HTTP/1.0
Host: www.example.com
如果定义了虚拟主机,则请求的主机部分是必需的,以便Apache知道应将请求路由到哪个虚拟主机.
The Host part of the request is necessary in the event that there are virtual hosts defined so that Apache knows which virtual host the request should be routed to.
您可能还希望沿着这些行添加另一个重写条件:
You might also want to add another rewrite condition along these lines:
RewriteCond %{HTTP_HOST} !^www.example.com
RewriteRule ^(.*)$ https://www.example.com$1 [R=301,L]
这将确保如果有人尝试访问您的网站而没有提供包含标头的完整请求,该标头将重定向到适当的域.
That will ensure that if somebody tries to access your site without providing a full request containing a header that it will redirect to the proper domain.