Issue with File Downloads via HTTPS on Application Behind Application Load Balancer

Question

Hello all,

We are currently experiencing an issue with our AWS environment where our application is deployed on an EC2 instance behind an Application Load Balancer (ALB). We have configured our ALB to redirect HTTP requests to HTTPS to ensure secure communication. However, we've encountered a problem specifically related to downloading files from our application.

Issue Description:

**Environment Setup**: Our setup includes an Application Load Balancer with an EC2 instance serving as the backend target (Microsoft IIS). The ALB is configured to listen on both HTTP (port 80) and HTTPS (port 443) traffic. Communication between Application Load Balancer and EC2 backend target (Microsoft IIS) is running via HTTP (80) protocol.

**Configuration Implemented**: We have successfully implemented a redirection rule on the ALB to automatically redirect all HTTP requests to HTTPS, aiming to enforce SSL/TLS for secure communication.

**Problem Encountered**: Despite the successful redirection from HTTP to HTTPS for regular traffic, we observed that file downloads from our application are only successful when initiated over HTTP. When attempting to download files using HTTPS, the downloads fail, and no specific error message is provided to indicate the cause of the failure.

From the AWS internal network (HTTPS communication is blocked) we are able to download files. For temporary time new tab is opened and closed with pop up warning window that protocol is unsafe. 
From the internet new tab is opened and closed but the download is not started and pop up window is not displayed.

**Questions/Assistance Required:**
* Are there any known issues or configurations on the ALB that might prevent file downloads specifically over HTTPS?
* Could there be any specific settings or headers that need to be adjusted in our application or on the ALB to facilitate file downloads over HTTPS?
* Is there any additional logging or monitoring that we can enable on the ALB or the EC2 instance to gain more insights into why HTTPS file downloads are failing?

We would greatly appreciate any guidance or recommendations you can provide to help us resolve this issue. Ensuring secure file downloads via HTTPS is critical for our application's security and user trust.

Thank you for your support.

Answer

Hello.

> Are there any known issues or configurations on the ALB that might prevent file downloads specifically over HTTPS?

I myself have never heard or seen such an event.  
For example, is it possible that a file is taking a long time to download and is timing out?

> Could there be any specific settings or headers that need to be adjusted in our application or on the ALB to facilitate file downloads over HTTPS?

Are there any errors output in the application log or access log when downloading the file?  
Also, can I check the access log when downloading the file and confirm that the access has reached EC2?

> Is there any additional logging or monitoring that we can enable on the ALB or the EC2 instance to gain more insights into why HTTPS file downloads are failing?

By looking at the ALB access log, you can determine whether the request is reaching the target EC2.  
If it has reached the target EC2, you need to check the logs of the application hosted on EC2.  
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html

Answer

Adding to the other answer:

Have you tried downloading the files directly over HTTPS using a tool such as `curl` or `wget` without going through the redirect process? You can enable debugging to see what is happening. That will also clear up the problem of "no error message". There is an error here but without knowing what it is, troubleshooting is very difficult. Even "timeout" is an error and it would tell us something.

Issue with File Downloads via HTTPS on Application Behind Application Load Balancer

Relevant content