Merge pull request #2 from Flaconi/better_handling_of_https_to_http

Better handling of HTTPS to HTTP redirects, it should error
Flaconi · Oct 11, 2019 · 2fb7c65 · 2fb7c65
2 parents 28f8a9c + 920a3c8
commit 2fb7c65
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -78,13 +78,14 @@ module "alb_redirect" {
       # Match host `somehost3.tld`, match all paths, forward to http://http-redir-cannot-be-created-on-https-listener.example.com
       # path will be preserved
       # query params will be preserved
-      # this will only work on http listener as redirects from HTTPS to HTTP are not supported
+      # this will only work on http listener as redirects from HTTPS to HTTP are not supported, hence we disable it for HTTPS
       path_match        = "*"
       host_match        = "somehost3.tld"
       redirect_host     = "http-redir-cannot-be-created-on-https-listener.example.com"
       redirect_protocol = "HTTP"
       redirect_path     = "/"
       redirect_port     = "80"
+      disabled_for      = "HTTPS"
     },
     {
       path_match        = "/danger-forward-all-uris-of-all-hosts'"

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -101,13 +101,14 @@ module "redirect" {
       # Match host `somehost3.tld`, match all paths, forward to http://http-redir-cannot-be-created-on-https-listener.example.com
       # path will be preserved
       # query params will be preserved
-      # this will only work on http listener as redicts from HTTPS to HTTP are not supported
+      # this will only work on http listener as redirects from HTTPS to HTTP are not supported, hence we disable it for HTTPS
       path_match        = "*"
       host_match        = "somehost3.tld"
       redirect_host     = "http-redir-cannot-be-created-on-https-listener.example.com"
       redirect_protocol = "HTTP"
       redirect_path     = "/"
       redirect_port     = "80"
+      disabled_for      = "HTTPS"
     },
     {
       path_match        = "/danger-forward-all-uris-of-all-hosts'"

diff --git a/main.tf b/main.tf
@@ -181,7 +181,7 @@ resource "aws_lb_listener_rule" "this" {
     "${rule.listener_type}://${rule.rule.host_match}${rule.rule.path_match}" => merge(
       rule.rule,
       { "listener_type" = rule.listener_type }
-  ) if ! (rule.rule.redirect_protocol == "HTTP" && rule.listener_type == "HTTPS") }
+  ) if lookup(rule.rule, "disabled_for", "") != rule.listener_type }
 
   listener_arn = each.value.listener_type == "HTTP" ? aws_lb_listener.http.arn : join("", aws_lb_listener.https.*.arn)