This rule ensures that ELB application load balancers redirect HTTP requests to HTTPS for improved security.
Rule | ELB application load balancers should redirect HTTP requests to HTTPS
Framework | NIST 800-53 Revision 4
Severity | Medium
Rule Description:
Application Load Balancers (the ELB v2 "application" type) should redirect every HTTP request to HTTPS. This rule is mapped to NIST 800-53 Revision 4, the catalogue of security and privacy controls for federal information systems and organizations.
Enforcing the redirect ensures that traffic between clients and the load balancer is encrypted in transit, protecting sensitive data from eavesdropping, man-in-the-middle attacks and tampering. Two caveats apply: the redirect is configured per listener, so every HTTP listener on the load balancer must carry it, and a client's very first request still travels in the clear before the redirect is received, so the backend should also send a Strict-Transport-Security (HSTS) header so that returning browsers never send plaintext again.
Troubleshooting Steps:
If the redirection from HTTP to HTTPS is not occurring as expected, work through the following checks:
Verify the listener configuration on the ELB: the HTTP (port 80) listener's default action must be a redirect to protocol HTTPS, port 443, with status code HTTP_301. A redirect placed on the HTTPS listener instead of the HTTP listener does nothing for plaintext requests and, if it points at HTTPS, produces a redirect loop.
Check the web server configuration: the load balancer terminates TLS, so targets receive plain HTTP. An application that looks only at the request scheme will believe it is served over HTTP and may emit http:// links or redirect back to http://; it should honour the X-Forwarded-Proto header the load balancer adds.
Validate the security group settings: the load balancer's security group must allow inbound TCP 80 (so the redirect can be served at all) as well as inbound TCP 443. If port 80 is blocked, clients time out instead of being redirected.
Review the health check configuration: targets behind the HTTPS listener must pass their target group health check, otherwise the redirect succeeds but the HTTPS request is answered with a 503 from the load balancer.
Necessary Codes:
The redirect is configured on the HTTP listener with the AWS Command Line Interface (CLI). Either make the redirect the listener's default action (the usual choice) or add a listener rule with a matching condition. The RedirectConfig value must be quoted: an unquoted {a,b,c} is brace-expanded by bash and the CLI receives three separate arguments.

Default action on the HTTP listener (recommended). Replace <http_listener_arn> with the ARN of the HTTP listener on the load balancer:

aws elbv2 modify-listener \
    --listener-arn <http_listener_arn> \
    --default-actions Type=redirect,RedirectConfig="{Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"

Listener rule for fine-grained control. create-rule requires at least one condition (the example matches every path), and <rule_priority> is an integer that sets the rule's precedence, lower values being evaluated first:

aws elbv2 create-rule \
    --listener-arn <http_listener_arn> \
    --priority <rule_priority> \
    --conditions Field=path-pattern,Values='/*' \
    --actions Type=redirect,RedirectConfig="{Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"

Both commands target the HTTP listener; attaching the redirect to the HTTPS listener would redirect already-encrypted requests to themselves. The commands assume you have the necessary IAM permissions (elasticloadbalancing:ModifyListener and elasticloadbalancing:CreateRule). Adjust them for your AWS environment and naming conventions.
Step-by-Step Guide for Remediation:
Follow these steps to redirect HTTP requests to HTTPS on an Application Load Balancer using the AWS Management Console:
Open the AWS Management Console, navigate to the EC2 service and choose Load Balancers.
Select the desired application load balancer from the list.
Go to the "Listeners" tab and ensure that both an HTTP (port 80) listener and an HTTPS (port 443) listener with a valid certificate are configured; the redirect target must exist before traffic is sent to it.
Select the HTTP listener and click on the "Edit" button.
In the "Edit Listener" dialog box, set the default action to "Redirect to...", choose "HTTPS" as the protocol, port "443", and the permanent status code HTTP_301, leaving host, path and query at their original values so the redirect preserves the requested URL.
Save the changes.
Optionally, create a redirect rule for fine-grained control: go to the "Rules" tab, click "Create Rule", add a condition (for example a host header or path pattern) and set the redirect action as described in the "Necessary Codes" section. The rule belongs on the HTTP listener, not on the HTTPS listener.
Verify the redirection by requesting the load balancer's DNS name over plain HTTP: the response must be a 301 whose Location header carries the https:// URL with the original host, path and query string intact. A 200 response means the redirect is not in effect, and a redirect back to http:// indicates the backend application, not the load balancer, is issuing redirects.
By following these steps, you will configure the application load balancer to redirect HTTP requests to HTTPS, thereby satisfying the corresponding NIST 800-53 Revision 4 requirement.
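The verification step can be automated. The following Python script is an added example, not part of the original page or of any AWS tool: it consumes the JSON that `aws elbv2 describe-listeners` prints (a constructed sample is embedded so it runs offline), applies the rule's test to every HTTP listener, reports the offending ones and prints the `modify-listener` command that fixes each. It also covers the "verify the listener configuration" troubleshooting step above. The file name check_alb_redirect.py, the account ID and the ARNs are assumptions.

```python
"""Offline check for the rule above: every HTTP listener on an Application Load
Balancer must have a permanent (HTTP_301) redirect to HTTPS as its effective
default action. Feed it the JSON printed by describe-listeners (assumed file name):

    aws elbv2 describe-listeners --load-balancer-arn "$ALB_ARN" \\
        | python3 check_alb_redirect.py
"""
import json
import sys

# Assumed account and load balancer identifiers for the constructed sample.
ARN_PREFIX = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/web/0123456789abcdef/"


def sample_listener(suffix, port, protocol, action):
    """Build one listener record in the shape describe-listeners returns (sample data only)."""
    return {"ListenerArn": ARN_PREFIX + suffix, "Port": port, "Protocol": protocol,
            "DefaultActions": [action]}


FORWARD = {"Type": "forward",
           "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/web/fedcba9876543210"}
GOOD_REDIRECT = {"Type": "redirect",
                 "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
                                    "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}
TEMP_REDIRECT = {"Type": "redirect",
                 "RedirectConfig": dict(GOOD_REDIRECT["RedirectConfig"], StatusCode="HTTP_302")}

# Constructed sample (not captured from a real account): port 80 still forwards to
# the target group, port 8080 redirects correctly, port 8081 redirects with a
# temporary 302, and the HTTPS listener is outside the rule's scope.
SAMPLE_BEFORE = json.dumps({"Listeners": [
    sample_listener("http80", 80, "HTTP", FORWARD),
    sample_listener("http8080", 8080, "HTTP", GOOD_REDIRECT),
    sample_listener("http8081", 8081, "HTTP", TEMP_REDIRECT),
    sample_listener("https443", 443, "HTTPS", FORWARD),
]})


def redirect_problem(action):
    """Return None if `action` is a permanent redirect to HTTPS, otherwise a reason string."""
    if action.get("Type") != "redirect":
        return "default action is '%s', not 'redirect'" % action.get("Type")
    cfg = action.get("RedirectConfig", {})
    if cfg.get("Protocol") != "HTTPS":
        return "redirects to protocol '%s', not HTTPS" % cfg.get("Protocol")
    if cfg.get("StatusCode") != "HTTP_301":
        return "uses %s; a permanent HTTP_301 redirect is expected" % cfg.get("StatusCode")
    return None


def evaluate_listeners(describe_output):
    """Map every HTTP listener ARN to {'status': 'ok' | 'alarm', 'reason': str}.

    Accepts either the raw JSON text from the CLI or the already-parsed dict.
    """
    if isinstance(describe_output, str):
        describe_output = json.loads(describe_output)
    results = {}
    for lst in describe_output.get("Listeners", []):
        if lst.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are not in the rule's scope
        # Actions run in 'Order'; the last one (forward/fixed-response/redirect) decides
        # what the client receives, so that is the one to inspect.
        actions = sorted(lst.get("DefaultActions", []), key=lambda a: a.get("Order", 0))
        problem = redirect_problem(actions[-1]) if actions else "listener has no default action"
        results[lst["ListenerArn"]] = {"status": "alarm" if problem else "ok",
                                       "reason": problem or "redirects to HTTPS with HTTP_301"}
    return results


def remediation_command(listener_arn):
    """aws CLI command that makes the given HTTP listener compliant.

    The RedirectConfig braces are wrapped in double quotes so bash does not
    brace-expand them; the inner single quotes belong to the CLI shorthand syntax.
    """
    cfg = ("{Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',"
           "Query='#{query}',StatusCode=HTTP_301}")
    return ('aws elbv2 modify-listener --listener-arn %s '
            '--default-actions Type=redirect,RedirectConfig="%s"' % (listener_arn, cfg))


def report(describe_output):
    """Human-readable lines plus the fix command for each alarming listener."""
    lines = []
    for arn, verdict in evaluate_listeners(describe_output).items():
        lines.append("%-5s %s: %s" % (verdict["status"].upper(), arn.rsplit("/", 1)[-1], verdict["reason"]))
        if verdict["status"] == "alarm":
            lines.append("      fix: " + remediation_command(arn))
    return lines


if __name__ == "__main__":
    # Read real CLI output from a pipe; fall back to the constructed sample on a terminal.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else json.loads(SAMPLE_BEFORE)
    print("\n".join(report(data)))
```

Run it against each load balancer in the account (describe-load-balancers lists them) and act on every ALARM line; HTTPS listeners are skipped on purpose, since placing the redirect there would create the loop described in the troubleshooting section.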