Rule: ELB Application Load Balancers should redirect HTTP requests to HTTPS

This rule ensures that ELB Application Load Balancers redirect HTTP requests to HTTPS for enhanced security measures.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description

This rule requires Elastic Load Balancer (ELB) application load balancers to redirect HTTP requests to HTTPS when serving content that falls under the GxP 21 CFR Part 11 compliance standard. This ensures that all communication with the server is encrypted over a secure HTTPS connection, thereby meeting regulatory requirements for data integrity and security.

Troubleshooting Steps

If there are issues related to redirecting HTTP requests to HTTPS, the following troubleshooting steps can be followed:

  1. Verify SSL/TLS Certificate: Ensure that a valid SSL/TLS certificate is installed on the ELB application load balancer. Check for any certificate expiry or configuration issues.
  2. Check Listener Configuration: Verify that the listener configuration for the load balancer is set up correctly to handle both HTTP and HTTPS traffic. Ensure that the HTTP listener is configured to redirect requests to the HTTPS listener.
  3. Check Security Group Settings: Ensure that the security group assigned to the load balancer allows incoming traffic on both HTTP (port 80) and HTTPS (port 443). If necessary, modify the security group settings to allow the required traffic.
  4. Check ELB Access Logs: Review the ELB access logs to identify any potential issues with HTTP to HTTPS redirection. Look for any error codes or unexpected behavior in the logs.
  5. Verify Backend Server Configuration: Ensure that the backend servers are properly configured to handle HTTPS traffic. Check that the necessary SSL certificates are installed on the backend servers and that they are configured to listen on the correct HTTPS port.

Configuration Changes

To configure the ELB application load balancer to redirect HTTP requests to HTTPS, the following steps can be followed:

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 dashboard and select "Load Balancers" from the sidebar menu.
  3. Choose the appropriate load balancer from the list.
  4. In the load balancer properties, go to the "Listeners" tab.
  5. You should see an existing listener for port 80 (HTTP). Edit this listener.
  6. In the "Edit Listener" dialog box, select the "Redirect to" option and choose HTTPS from the dropdown menu.
  7. Set the redirect action status code to "HTTP_301" to ensure a permanent redirect.
  8. Specify the HTTPS port number to which the requests should be redirected (typically 443).
  9. Click "Save" to apply the changes.
  10. Test the configuration by accessing the load balancer's HTTP URL. You should be automatically redirected to the HTTPS URL.

Example Configuration Codes

If you prefer to use AWS CLI for configuration, the following command can be used to modify the listener configuration:

aws elbv2 modify-listener --listener-arn <listener-arn> --port 80 --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,StatusCode=HTTP_301}"

The --default-actions value is quoted so that the shell does not brace-expand the RedirectConfig block into several arguments. Replace <listener-arn> with the ARN (Amazon Resource Name) of the HTTP listener on the load balancer.

Note: Ensure that you have the necessary permissions to execute AWS CLI commands.
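To confirm the change took effect, the listener configuration can be audited from the JSON that `aws elbv2 describe-listeners --load-balancer-arn <load-balancer-arn>` returns. The following is an added example, not code from the original page: the function name `audit_listeners`, the finding strings, and the sample data with its placeholder ARNs are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The ARNs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "arn:placeholder:listener/compliant", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:placeholder:listener/forward", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
  {"ListenerArn": "arn:placeholder:listener/keeps-http", "Protocol": "HTTP", "Port": 8080,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "#{protocol}", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:placeholder:listener/temporary", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}]},
  {"ListenerArn": "arn:placeholder:listener/https", "Protocol": "HTTPS", "Port": 443,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]}
]}
""")


def audit_listeners(response):
    """Return {listener_arn: finding} for HTTP listeners that miss the rule.

    Only default actions are inspected; additional listener rules with
    their own actions are not covered by this check.
    """
    findings = {}
    for listener in response.get("Listeners", []):
        if listener.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are out of scope for this rule
        arn = listener["ListenerArn"]
        redirect = next((a.get("RedirectConfig", {})
                         for a in listener.get("DefaultActions", [])
                         if a.get("Type") == "redirect"), None)
        if redirect is None:
            findings[arn] = "no redirect action"
        elif redirect.get("Protocol") != "HTTPS":
            # "#{protocol}" keeps the request's protocol, so HTTP stays HTTP
            findings[arn] = "redirect does not switch to HTTPS"
        elif redirect.get("StatusCode") != "HTTP_301":
            findings[arn] = "redirect is not HTTP_301"
    return findings


if __name__ == "__main__":
    for arn, finding in audit_listeners(SAMPLE).items():
        print(f"{arn}: {finding}")
```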

Remediation Steps

Follow the steps below to remediate any misconfiguration or non-compliance related to redirecting HTTP requests to HTTPS:

  1. Identify the ELB application load balancer that needs to be configured for redirecting HTTP to HTTPS.
  2. Follow the configuration changes mentioned above to modify the load balancer's listener settings and enable the HTTP to HTTPS redirection.
  3. Use the provided example configuration codes or AWS CLI command to modify the listener configuration as needed.
  4. Test the configuration by accessing the load balancer's HTTP URL and verifying that it successfully redirects to the HTTPS URL.
  5. Monitor the load balancer's access logs and verify that all requests are correctly redirected to HTTPS.
  6. Document the changes made and ensure compliance with GxP 21 CFR Part 11 regulations.

By following these steps, you can ensure that the ELB application load balancers redirect HTTP requests to HTTPS for GxP 21 CFR Part 11 compliance.
