Rule: ELB Application Load Balancers Redirect HTTP to HTTPS

This rule ensures ELB application load balancers redirect HTTP requests to HTTPS for security compliance.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description

This rule ensures that all HTTP requests made to Elastic Load Balancing (ELB) application load balancers are automatically redirected to HTTPS. Enforcing HTTPS ensures secure communication and data transmission, which is essential for maintaining CISA Cyber Essentials compliance.

Troubleshooting Steps

  1. Verify that the ELB application load balancer is correctly configured to handle both HTTP and HTTPS traffic.
  2. Check if the ELB listener rules are properly set up to redirect HTTP to HTTPS.
  3. Ensure that the SSL/TLS certificate is correctly installed and associated with the ELB.

Necessary Code

In order to redirect HTTP to HTTPS, you need to configure the listener rules for the ELB application load balancer. Here is an example of how to achieve this using the AWS Command Line Interface (CLI):

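# Redirect HTTP requests for mydomain.com to HTTPS on port 443 with a 301,
# preserving host, path and query. The #{...} placeholders are ALB redirect
# variables; use #{path}, not ${path}, which the shell would expand to nothing.
aws elbv2 create-rule \
    --listener-arn <listener_arn> \
    --priority 1 \
    --conditions Field=host-header,Values=mydomain.com \
    --actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"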

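Replace <listener_arn> with the ARN (Amazon Resource Name) of the ELB listener to which you want to add the redirect rule. Modify the --conditions and --actions parameters as per your specific requirements. Because this rule carries a host-header condition, only requests for mydomain.com are redirected; requests with any other Host header fall through to the listener's default action.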

Step-by-Step Guide for Remediation

Follow these steps to redirect HTTP requests to HTTPS for ELB application load balancers:

  1. Log in to the AWS Management Console.
  2. Go to the EC2 service.
  3. Select the "Load Balancers" option from the left sidebar.
  4. Choose the desired ELB application load balancer from the list.
  5. Click on the "Listeners" tab.
  6. Identify the HTTP listener and click on the pencil (edit) icon next to it.
  7. In the "Listener Rules" section, click on "Add rule."
  8. Configure the rule as follows:
    • Set the "Priority" to 1 (or any desired value).
    • In the "Conditions" section, select "Host header" and enter the domain name or host header for your application.
    • In the "Actions" section, select "Redirect to" and choose "HTTPS" from the "Protocol" dropdown.
    • Optionally, you can specify the desired HTTP status code and customize the redirect path and query.
  9. Click "Save" to apply the redirect rule.
  10. Test the redirection by accessing your application using HTTP and verify that it automatically redirects to HTTPS.

By following these steps, all incoming HTTP requests to the ELB application load balancer will be automatically redirected to HTTPS, ensuring compliance with CISA Cyber Essentials requirements.
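
The test in step 10 exercises only the hostname you request, so it is worth also checking the listener configuration itself. The Python below is an added example, not part of the original rule page or any vendor tooling. It assumes the rule list has the shape returned by `aws elbv2 describe-rules --listener-arn <listener_arn>`, and it flags every rule on an HTTP listener, including the default action, that does not redirect to HTTPS. SAMPLE_RULES is constructed data and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-rules` output for a port-80
# listener: this page's host-header redirect rule plus a forwarding default action.
SAMPLE_RULES = json.loads("""
{"Rules": [
  {"Priority": "1", "IsDefault": false,
   "Conditions": [{"Field": "host-header", "Values": ["mydomain.com"]}],
   "Actions": [{"Type": "redirect", "RedirectConfig": {
       "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
       "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}]},
  {"Priority": "default", "IsDefault": true, "Conditions": [],
   "Actions": [{"Type": "forward", "TargetGroupArn": "<target_group_arn>"}]}
]}
""")["Rules"]


def redirects_to_https(rule):
    """True if the rule has a redirect action whose protocol is literally HTTPS.

    A redirect with Protocol "#{protocol}" keeps the request on HTTP, so it fails.
    """
    return any(
        action.get("Type") == "redirect"
        and action.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for action in rule.get("Actions", [])
    )


def audit_http_listener(protocol, rules):
    """Return one finding per rule on an HTTP listener that can answer over HTTP."""
    if protocol != "HTTP":
        return []  # HTTPS listeners are out of scope for this rule
    findings = []
    for rule in rules:
        if redirects_to_https(rule):
            continue
        fields = ",".join(c.get("Field", "?") for c in rule.get("Conditions", []))
        scope = "default action" if rule.get("IsDefault") else f"rule {rule.get('Priority')} ({fields})"
        findings.append(f"{scope}: no HTTPS redirect")
    return findings


if __name__ == "__main__":
    for finding in audit_http_listener("HTTP", SAMPLE_RULES):
        print("NON-COMPLIANT:", finding)
```

On the sample, the host-header rule passes but the forwarding default action is reported, which is the case where requests for other hostnames are still served over HTTP.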
