AEM redirects user back to http when accessed through SSL/TLS terminated Load Balancer

Last update: 2022-11-08



  • Experience Manager

When accessing AEM through an SSL terminated Load Balancer (or SSL terminated CDN), then AEM redirects back from https to http.

SSL termination at the load balancer means that the SSL certificates are installed in the load balancer. The end user accesses the site through https://, and the Dispatcher/Web Server and AEM are accessed on the back end with http://.



Different load balancers send different headers to notify the back end systems that SSLis terminated upstream. For example, Amazon ELB uses the header “X-Forwarded-Proto: https”.


To fix the issue:

I. Update Dispatcher /clientheaders configuration

Refer to the documentation of your load balancer to find out which header it sets to notify downstream systems that it terminated SSL. For simplicity, in these steps we assume that the correct HTTP header is “X-Forwarded-Proto: https

  1. Log in to the dispatcher server.
  2. Open the dispatcher farm .any configuration.
  3. Add the header to the /clientheaders section.

If you are using dispatcher without a load balancer or if your load balancer or proxy fails to set the X-Forwarded-Proto header, then you can set it at the web server or dispatcher level. If you are using Apache HTTP Server, then update your HTTPS VirtualHostwith this directive:

1 RequestHeader  set X-Forwarded-Proto  "https"

II. Update the Header Configurations:

  1. Go to http://host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.
  2. Set SSLforward header to X-Forwarded-Proto.
  3. Set SSLforward value to https.
  4. Click Save.


There is no standard for reverse proxy headers that tell the back end which protocol is used. However, here are some that are known:

  • Amazon ELB (Elastic Load Balancer) uses the “X-Forwarded-Proto: https” header.
  • Amazon Cloudfront CDN uses “X-Cloudfront-Proto: https” header.

III. Update the Jetty OSGi Configuration (AEM 6.3 and later versions)

On AEM 6.3 and later versions there is an addition configuration required:

  • Log in to http://aem-host:port/system/console/configMgr/org.apache.felix.http.
  • Enable the setting Enable Proxy/Load Balancer Connection, and save it.

On this page