Rule: ELB Application Load Balancers Redirect HTTP to HTTPS

This rule ensures ELB application load balancers redirect HTTP requests to HTTPS for enhanced security.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description

According to the NIST 800-171 Revision 2 guidelines, all ELB (Elastic Load Balancer) application load balancers should enforce the use of HTTPS by redirecting all HTTP requests to HTTPS. This rule ensures secure communication between the client and the load balancer.

Troubleshooting Steps

If there are any issues with redirecting HTTP requests to HTTPS, follow these troubleshooting steps:

  1. Verify the load balancer listener configuration for both HTTP and HTTPS.
  2. Check if the SSL certificate is correctly associated with the HTTPS listener.
  3. Ensure that the load balancer's security groups and network access control lists (ACLs) allow inbound HTTPS traffic.
  4. Verify that the web servers behind the load balancer are listening on the correct ports for both HTTP and HTTPS.

Necessary Code or Configuration

To implement the redirect rule, configure the following settings on your ELB load balancer:

  1. Update the load balancer listener configuration:
aws elbv2 modify-listener --listener-arn <listener-arn> --port <port> --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"

Replace <listener-arn> with the ARN (Amazon Resource Name) of your listener and <port> with the port number associated with the HTTP listener. Quote the whole --default-actions value as shown so that the shell passes it to the CLI as a single argument, and start the Path value with "/".

  2. Associate an SSL certificate with the HTTPS listener:
aws elbv2 modify-listener --listener-arn <listener-arn> --certificates CertificateArn=<certificate-arn>

Replace <listener-arn> with the ARN of your HTTPS listener and <certificate-arn> with the ARN of your SSL certificate.

  3. Ensure that both HTTP (80) and HTTPS (443) ports are enabled in the security groups and network ACLs of the load balancer and associated instances.

Step-by-Step Guide for Remediation

Follow these steps to enable the redirection of HTTP requests to HTTPS on your ELB application load balancer:

  1. Identify the ARN of the listener associated with the load balancer you wish to configure.
  2. Update the listener configuration to redirect HTTP traffic to HTTPS by running the following command:
aws elbv2 modify-listener --listener-arn <listener-arn> --port <port> --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"

Replace <listener-arn> with the ARN of your listener and <port> with the port number associated with the HTTP listener.

  3. Associate an SSL certificate with the HTTPS listener by running the following command:
aws elbv2 modify-listener --listener-arn <listener-arn> --certificates CertificateArn=<certificate-arn>

Replace <listener-arn> with the ARN of your HTTPS listener and <certificate-arn> with the ARN of your SSL certificate.

  4. Verify that the security groups and network ACLs associated with the load balancer and its instances allow inbound HTTPS traffic on port 443.
  5. Confirm that the web servers behind the load balancer are listening on the correct ports for both HTTP (typically 80) and HTTPS (typically 443).
  6. Test the redirection by accessing your website using HTTP. The load balancer should automatically redirect the request to HTTPS.

By following these steps, you will successfully configure your ELB application load balancer to redirect HTTP requests to HTTPS, ensuring compliance with NIST 800-171 Revision 2 guidelines.
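
To check the result of these steps on every listener at once, the script below audits the JSON printed by `aws elbv2 describe-listeners --load-balancer-arn <load-balancer-arn> --output json`. It is an added example, not CloudDefense or AWS code; the sample document and its ARNs are constructed, and only default actions are inspected, as in the steps above.

```python
import json
import sys

# Constructed sample shaped like `aws elbv2 describe-listeners --output json`
# for one load balancer; the ARNs are placeholders, not real resources.
SAMPLE = {"Listeners": [
    {"ListenerArn": "arn:placeholder:http-forward", "Port": 8080, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
    {"ListenerArn": "arn:placeholder:http-same-scheme", "Port": 8081, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "arn:placeholder:http-dead-port", "Port": 8082, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "8443", "Host": "#{host}", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "arn:placeholder:http-ok", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "Host": "#{host}", "Path": "/#{path}",
         "Query": "#{query}", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "arn:placeholder:https", "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": "arn:placeholder:cert"}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg"}]},
]}


def audit_listeners(doc):
    """Return (listener_arn, finding) pairs for HTTP listeners that break the rule."""
    listeners = doc.get("Listeners", [])
    # Ports that can actually terminate TLS: HTTPS listeners with a certificate.
    https_ports = {str(li["Port"]) for li in listeners
                   if li.get("Protocol") == "HTTPS" and li.get("Certificates")}
    findings = []
    for lst in (li for li in listeners if li.get("Protocol") == "HTTP"):
        arn = lst.get("ListenerArn", "?")
        cfg = next((a.get("RedirectConfig", {}) for a in lst.get("DefaultActions", [])
                    if a.get("Type") == "redirect"), None)
        if cfg is None:
            findings.append((arn, "default action is not a redirect"))
        elif cfg.get("Protocol") != "HTTPS":
            # "#{protocol}" keeps the request's scheme, so the client stays on HTTP.
            findings.append((arn, "redirect does not switch to HTTPS"))
        elif cfg.get("Host", "#{host}") == "#{host}" and \
                cfg.get("Port", "#{port}").replace("#{port}", str(lst["Port"])) not in https_ports:
            findings.append((arn, "redirect targets a port with no HTTPS listener and certificate"))
    return findings


if __name__ == "__main__":
    # Pipe real CLI output in; with a terminal on stdin the constructed sample is used.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for arn, finding in audit_listeners(doc):
        print(f"NON-COMPLIANT {arn}: {finding}")
```

Listener rules other than the default action can still forward plain HTTP, so review them separately with `aws elbv2 describe-rules`.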
