Rule: ELB Application Load Balancers Should Redirect HTTP Requests to HTTPS

This rule ensures that ELB Application Load Balancers properly redirect HTTP requests to HTTPS for increased security.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: HIPAA
Severity: Medium

Rule Description: The rule requires that all HTTP requests made to the Elastic Load Balancer (ELB) application load balancers in a HIPAA-compliant environment should be redirected to HTTPS. This ensures that sensitive healthcare data transmitted between the clients and the load balancer is securely encrypted.

Troubleshooting Steps:

  1. Check ELB Listeners: Verify that the HTTPS listener is properly configured on the ELB. Ensure that the listener is associated with the appropriate SSL/TLS certificate.
  2. Verify Load Balancer Configuration: Make sure that the load balancer is properly configured and associated with the correct target groups and instances.
  3. Check Security Group Settings: Ensure that the load balancer's security group allows incoming HTTPS traffic on the designated port (usually port 443).
  4. Review Health Checks: Confirm that the health checks configured for the target groups are correctly monitoring the backend instances.

Necessary Codes (AWS CLI):

  1. Create Redirect Rule (the condition and redirect config are quoted so the shell does not expand the wildcard or strip the braces; the RedirectConfig uses the CLI's shorthand key=value syntax):

     aws elbv2 create-rule \
       --listener-arn <listener_arn> \
       --priority <priority_number> \
       --conditions Field=host-header,Values='*' \
       --actions Type=redirect,RedirectConfig="{Protocol=HTTPS,Port=443,StatusCode=HTTP_301}"

Replace <listener_arn> with the ARN of the HTTPS listener and <priority_number> with an appropriate rule priority.

Step-by-Step Guide for Remediation:

  1. Login to the AWS Management Console.
  2. Navigate to the Amazon EC2 service.
  3. Click on "Load Balancers" in the left menu.
  4. Select the appropriate application load balancer.
  5. Under the "Listeners" tab, ensure that the HTTPS listener is configured and associated with the required SSL/TLS certificate.
  6. If the listener is not present, click on "Add listener" and configure it accordingly with port 443 and the appropriate certificate.
  7. Go to the "Rules" tab and click on "View/edit rules".
  8. Click on "Add rule".
  9. Input the following details:
     • Conditions Type: host-header, Values: '*'
     • Actions Type: redirect, Redirect Config: Protocol: HTTPS, Port: 443, Status Code: HTTP_301
  10. Save the rule.
  11. Verify that the load balancer's security group allows incoming HTTPS traffic on port 443.
  12. Review the health checks associated with the target groups to ensure they are configured correctly.
  13. Test the load balancer by accessing it via HTTP and confirm that it automatically redirects to the HTTPS version.
  14. Monitor the load balancer's performance and troubleshoot any issues if they arise.

Note: It is recommended to refer to the official AWS documentation for precise CLI commands and specific troubleshooting scenarios.
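The following is an added example, not Cloud Defense's own rule code: it evaluates this rule offline against the JSON shape that `aws elbv2 describe-listeners` and `describe-rules` return, marking each plaintext (port 80) HTTP listener compliant when its default action, or a catch-all rule like the one created above, redirects to HTTPS. It inspects only HTTP listeners, because a redirect configured on the HTTPS listener never sees the plaintext request; the listener data and ARNs below are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The listener ARNs are shortened placeholders, not real resources.
SAMPLE_LISTENERS = json.loads("""{"Listeners": [
 {"ListenerArn": "listener/alb-a/80", "Port": 80, "Protocol": "HTTP",
  "DefaultActions": [{"Type": "redirect", "RedirectConfig":
    {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
 {"ListenerArn": "listener/alb-b/80", "Port": 80, "Protocol": "HTTP",
  "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg/b"}]},
 {"ListenerArn": "listener/alb-b/443", "Port": 443, "Protocol": "HTTPS",
  "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg/b"}]},
 {"ListenerArn": "listener/alb-c/80", "Port": 80, "Protocol": "HTTP",
  "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg/c"}]}
]}""")

# Constructed `describe-rules` output keyed by listener ARN. alb-b carries the
# catch-all host-header '*' redirect rule that the page's CLI command creates.
SAMPLE_RULES = {"listener/alb-b/80": [
    {"Priority": "1", "IsDefault": False,
     "Conditions": [{"Field": "host-header", "Values": ["*"]}],
     "Actions": [{"Type": "redirect", "RedirectConfig":
       {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]}]}


def redirects_to_https(action):
    """True when an action is a redirect whose target scheme is HTTPS."""
    cfg = action.get("RedirectConfig", {})
    return action.get("Type") == "redirect" and cfg.get("Protocol") == "HTTPS"


def is_catch_all(rule):
    """A rule matches every request when each of its conditions is a bare '*'."""
    conds = rule.get("Conditions", [])
    return bool(conds) and all(c.get("Values") == ["*"] for c in conds)


def evaluate(listeners, rules_by_listener):
    """Return {listener_arn: compliant} for every HTTP listener.

    Compliant means every default action redirects to HTTPS, or a non-default
    catch-all rule on the listener redirects to HTTPS. HTTPS listeners are
    skipped because the rule only concerns plaintext listeners."""
    results = {}
    for lst in listeners["Listeners"]:
        if lst["Protocol"] != "HTTP":
            continue
        arn = lst["ListenerArn"]
        ok = all(redirects_to_https(a) for a in lst["DefaultActions"])
        for rule in rules_by_listener.get(arn, []):
            if (not rule.get("IsDefault") and is_catch_all(rule)
                    and all(redirects_to_https(a) for a in rule["Actions"])):
                ok = True
        results[arn] = ok
    return results
```

Against the constructed sample, alb-a and alb-b pass and alb-c is flagged; a listener that passes here still needs the port 443 listener and security group checks from the steps above.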
