This rule ensures ELB application load balancers redirect HTTP requests to HTTPS for enhanced security.
| Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Medium |
Rule Description
According to the NIST 800-171 Revision 2 guidelines, all ELB (Elastic Load Balancer) application load balancers should enforce the use of HTTPS by redirecting all HTTP requests to HTTPS. This rule ensures secure communication between the client and the load balancer.
Troubleshooting Steps
If there are any issues with redirecting HTTP requests to HTTPS, follow these troubleshooting steps:
Necessary Code or Configuration
To implement the redirect rule, configure the following settings on your ELB load balancer:
aws elbv2 modify-listener --listener-arn <listener-arn> --port <port> --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"
Replace <listener-arn> with the ARN (Amazon Resource Name) of your listener and <port> with the port number associated with the HTTP listener. Keep the --default-actions value quoted so the shell passes it to the AWS CLI as a single argument.
aws elbv2 modify-listener --listener-arn <listener-arn> --certificates CertificateArn=<certificate-arn>
Replace <listener-arn> with the ARN of your listener and <certificate-arn> with the ARN of your SSL certificate.
Step-by-Step Guide for Remediation
Follow these steps to enable the redirection of HTTP requests to HTTPS on your ELB application load balancer:
aws elbv2 modify-listener --listener-arn <listener-arn> --port <port> --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"
Replace <listener-arn> with the ARN of your listener and <port> with the port number associated with the HTTP listener.
aws elbv2 modify-listener --listener-arn <listener-arn> --certificates CertificateArn=<certificate-arn>
Replace <listener-arn> with the ARN of your listener and <certificate-arn> with the ARN of your SSL certificate.
Verify that the security groups and network ACLs associated with the load balancer and its instances allow inbound HTTPS traffic on port 443.
Confirm that the web servers behind the load balancer are listening on the correct ports for both HTTP (typically 80) and HTTPS (typically 443).
Test the redirection by accessing your website using HTTP. The load balancer should automatically redirect the request to HTTPS.
By following these steps, you will successfully configure your ELB application load balancer to redirect HTTP requests to HTTPS, ensuring compliance with NIST 800-171 Revision 2 guidelines.
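To confirm the remediation across every listener rather than one URL at a time, the following added example (not part of the original rule text or of any AWS tooling) audits JSON in the shape returned by `aws elbv2 describe-listeners`. The sample data and its placeholder ARNs are constructed, and the function name `audit_http_listeners` is hypothetical.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The ARNs are shortened placeholders, not real resources.
SAMPLE = json.loads(r"""
{"Listeners": [
  {"ListenerArn": "arn:placeholder:listener/app/web/a", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
     "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
     "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:placeholder:listener/app/web/b", "Protocol": "HTTP", "Port": 8080,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg/web"}]},
  {"ListenerArn": "arn:placeholder:listener/app/web/c", "Protocol": "HTTP", "Port": 8081,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
     "Protocol": "#{protocol}", "Port": "8443", "StatusCode": "HTTP_302"}}]},
  {"ListenerArn": "arn:placeholder:listener/app/web/d", "Protocol": "HTTPS", "Port": 443,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg/web"}]}
]}
""")


def audit_http_listeners(listeners):
    """Map each failing HTTP listener ARN to a reason (default actions only)."""
    findings = {}
    for listener in listeners:
        if listener.get("Protocol") != "HTTP":
            continue  # HTTPS/TLS listeners are not subject to the redirect rule
        arn = listener["ListenerArn"]
        actions = listener.get("DefaultActions", [])
        if not actions:
            findings[arn] = "no default action"
        for action in actions:
            if action.get("Type") != "redirect":
                findings[arn] = f"default action is {action.get('Type')}, not redirect"
                break
            target = action.get("RedirectConfig", {}).get("Protocol")
            if target != "HTTPS":
                # "#{protocol}" keeps the incoming scheme, so HTTP stays HTTP
                findings[arn] = f"redirect protocol is {target}, not HTTPS"
                break
    return findings


if __name__ == "__main__":
    for arn, reason in audit_http_listeners(SAMPLE["Listeners"]).items():
        print(f"NON_COMPLIANT {arn}: {reason}")
```

The check covers default actions only; additional listener rules that forward specific paths over HTTP would need a separate pass over `aws elbv2 describe-rules` output.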