
Rule: ELB Application Load Balancers Redirect HTTP to HTTPS

This rule ensures that ELB application load balancers redirect HTTP requests to HTTPS for improved security.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: NIST 800-53 Revision 4
Severity: Medium

Rule Description:

ELB (Elastic Load Balancer) application load balancers should redirect HTTP requests to HTTPS to comply with NIST 800-53 Revision 4, a set of security controls and guidelines for federal information systems and organizations.

Enforcing the redirect from HTTP to HTTPS ensures that the communication between clients and the web servers is securely encrypted, protecting sensitive information and preventing various attacks such as eavesdropping, man-in-the-middle, and data manipulation.

Troubleshooting Steps:

If the redirection from HTTP to HTTPS is not occurring as expected, consider the following troubleshooting steps:

  1. Verify the listener configuration on the ELB:

    • Check if the ELB has both HTTP (port 80) and HTTPS (port 443) listeners configured.
    • Ensure that the default action of the HTTP listener is set to redirect to HTTPS.

  2. Check the web server configuration:

    • Confirm that the web servers behind the ELB are configured to accept HTTPS traffic on port 443.
    • Verify that the SSL/TLS certificate is properly installed on the web servers.

  3. Validate the security group settings:

    • Ensure that the security group associated with the ELB allows incoming traffic on both port 80 and port 443.

  4. Review the health check configuration:

    • Make sure that the health check is passing for the instances behind the ELB.
    • If instances are failing the health check, investigate and resolve any underlying issues.

Necessary Codes:

The redirection from HTTP to HTTPS on an ELB can be achieved by configuring the appropriate rules using the AWS Command Line Interface (CLI). Here are sample commands for achieving this:

  1. Create a redirect rule:

    # A rule needs at least one condition; this one matches every path.
    # The action is quoted so the shell does not brace-expand the RedirectConfig.
    aws elbv2 create-rule \
        --listener-arn <listener_arn> \
        --priority <rule_priority> \
        --conditions 'Field=path-pattern,Values=/*' \
        --actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,StatusCode=HTTP_301}'

    • Replace <listener_arn> with the ARN of the HTTPS listener on the ELB.
    • Set <rule_priority> to a suitable value to determine the precedence of this rule.

  2. Ensure the HTTP listener has a default action:

    # Quoted for the same reason as above.
    aws elbv2 modify-listener \
        --listener-arn <http_listener_arn> \
        --default-actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,StatusCode=HTTP_301}'

    • Replace <http_listener_arn> with the ARN of the HTTP listener on the ELB.

Please note that the above commands assume you have the necessary permissions to execute them. Adjust the commands as per your specific AWS environment and naming conventions.
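As an added example (not part of this rule page or of any AWS tooling), the following Python evaluates the Listeners array returned by aws elbv2 describe-listeners against this rule: an HTTPS listener must exist, and every HTTP listener's default action must be a redirect to HTTPS on port 443. The listener ARNs, target group ARN and both sample listener sets are constructed placeholders.

```python
"""Check ALB listeners for the HTTP-to-HTTPS redirect rule (added example)."""
import json
import sys


def check_http_redirect(listeners):
    """Return (compliant, findings) for one ALB's ``Listeners`` list.

    Compliant when an HTTPS listener exists and every HTTP listener's default
    action is Type=redirect to Protocol=HTTPS, Port=443. The status code
    (HTTP_301 on this page) is not checked: the rule only requires the redirect.
    """
    findings = []
    if not any(l.get("Protocol") == "HTTPS" for l in listeners):
        findings.append("no HTTPS (port 443) listener configured")
    for lst in (l for l in listeners if l.get("Protocol") == "HTTP"):
        redirects = [a.get("RedirectConfig", {})
                     for a in lst.get("DefaultActions", [])
                     if a.get("Type") == "redirect"]
        # RedirectConfig.Port is a string in the API response
        if not any(r.get("Protocol") == "HTTPS" and r.get("Port") == "443"
                   for r in redirects):
            findings.append(f"HTTP listener {lst.get('ListenerArn')} "
                            "does not redirect to HTTPS:443")
    return not findings, findings


# Constructed sample data shaped like describe-listeners output; ARNs are placeholders.
ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:listener/app/example-alb/PLACEHOLDER"
COMPLIANT_LISTENERS = [
    {"ListenerArn": ARN + "/http", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
         "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": ARN + "/https", "Port": 443, "Protocol": "HTTPS",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "PLACEHOLDER_TG_ARN"}]},
]
# HTTP forwarded straight to targets and no HTTPS listener at all: two findings.
NONCOMPLIANT_LISTENERS = [
    {"ListenerArn": ARN + "/http", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "PLACEHOLDER_TG_ARN"}]},
]

if __name__ == "__main__":
    # Reads describe-listeners JSON from stdin; falls back to the sample data.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else {"Listeners": COMPLIANT_LISTENERS}
    ok, found = check_http_redirect(data["Listeners"])
    print("COMPLIANT" if ok else "NON-COMPLIANT", *found, sep="\n - ")
    sys.exit(0 if ok else 1)
```

Run it as aws elbv2 describe-listeners --load-balancer-arn <alb_arn> | python check_redirect.py; a non-zero exit marks the load balancer as non-compliant.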

Step-by-Step Guide for Remediation:

Follow these steps to redirect HTTP requests to HTTPS on an ELB using the AWS Management Console:

  1. Open the AWS Management Console and navigate to the EC2 service.

  2. Select the desired ELB application load balancer from the list.

  3. Go to the "Listeners" tab and ensure that both HTTP (port 80) and HTTPS (port 443) listeners are configured.

  4. Select the HTTP listener and click on the "Edit" button.

  5. In the "Edit Listener" dialog box, set the default action to "Redirect to..." and choose "HTTPS" as the protocol, port "443", and "HTTP_301" as the status code.

  6. Save the changes and test the configuration by accessing the ELB using HTTP. It should automatically redirect to the HTTPS version.

  7. Optionally, you can also create a redirect rule for fine-grained control. To do this, go to the "Rules" tab and click on "Create Rule". Provide the necessary details and set the redirect action as described in the "Necessary Codes" section.

  8. Verify the redirection by accessing the ELB using HTTP and ensure it redirects to HTTPS.

By following these steps, you will configure the ELB application load balancer to redirect HTTP requests to HTTPS, thereby fulfilling the requirement of NIST 800-53 Revision 4 compliance.
