This rule ensures that ELB application load balancers redirect HTTP requests to HTTPS for enhanced security.
Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
Framework | NIST 800-53 Revision 4 |
Severity | ✔ Medium |
Rule Description:
ELB application load balancers should be configured to redirect HTTP requests to HTTPS in order to enforce secure connections and comply with NIST 800-53 Revision 4 requirements. This ensures that all communication between clients and the load balancer is encrypted, protecting sensitive data and improving overall security posture.
Troubleshooting Steps (if required):
Verify Load Balancer Listener Configuration: Check if the load balancer listener is correctly configured to accept both HTTP and HTTPS connections.
Check Security Group Settings: Ensure that the security group associated with the load balancer allows incoming traffic on both HTTP (port 80) and HTTPS (port 443).
Verify Target Group Configuration: Ensure that the target group associated with the load balancer is correctly configured to route traffic to the appropriate instances.
Confirm SSL/TLS Certificate: Verify that a valid SSL/TLS certificate is configured and associated with the load balancer listener. If not, obtain and configure the appropriate certificate.
Test Connectivity: Perform a test by accessing the HTTP endpoint of the load balancer and check if it automatically redirects to HTTPS.
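The listener check from the troubleshooting steps above can be automated. The following is an added example, not part of the original rule text: it assumes the input is the JSON printed by `aws elbv2 describe-listeners`, and the sample data and ARNs in it are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-listeners` output; ARNs are placeholders.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "arn:example:listener/app/web/1", "Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS",
     "Port": "443", "Host": "#{host}", "Path": "/#{path}", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:example:listener/app/web/2", "Port": 8080, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/tg"}]},
  {"ListenerArn": "arn:example:listener/app/web/3", "Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "#{protocol}",
     "Port": "#{port}", "Host": "www.example.com", "StatusCode": "HTTP_302"}}]},
  {"ListenerArn": "arn:example:listener/app/web/4", "Port": 443, "Protocol": "HTTPS",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/tg"}]}
]}
""")


def redirects_to_https(listener):
    """True if a default action is a redirect whose target protocol is HTTPS."""
    for action in listener.get("DefaultActions", []):
        if action.get("Type") != "redirect":
            continue
        # "#{protocol}" (also the API default) keeps the request's own scheme,
        # so on an HTTP listener the redirect target is still HTTP.
        if action.get("RedirectConfig", {}).get("Protocol", "#{protocol}") == "HTTPS":
            return True
    return False


def noncompliant_http_listeners(describe_output):
    """Return (arn, reason) for every HTTP listener that does not redirect to HTTPS."""
    # Only default actions are inspected; per-path listener rules need `describe-rules`.
    findings = []
    for listener in describe_output.get("Listeners", []):
        if listener.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are out of scope for this rule
        if not redirects_to_https(listener):
            types = [a.get("Type") for a in listener.get("DefaultActions", [])]
            findings.append((listener["ListenerArn"], f"default actions: {types}"))
    return findings


if __name__ == "__main__":
    for arn, reason in noncompliant_http_listeners(SAMPLE):
        print(f"NON-COMPLIANT {arn} ({reason})")
```

The third sample listener shows the case that a simple "is it a redirect?" test misses: a redirect that preserves the request protocol never upgrades the connection.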
Necessary Configuration Codes (if required):
No specific configuration codes are required. The redirection from HTTP to HTTPS can be achieved using the load balancer console or CLI.
Step-by-Step Guide for Remediation:
Follow these steps to configure ELB application load balancers to redirect HTTP requests to HTTPS:
Open the AWS Management Console and navigate to the EC2 service.
In the navigation pane, click on 'Load Balancers' and select the desired load balancer.
Select the 'Listeners' tab and locate the HTTP listener (port 80).
Click on the 'Edit' button next to the listener configuration.
In the 'Redirect' section, enable the option for redirecting HTTP to HTTPS.
Configure the HTTPS listener (port 443) with the appropriate SSL/TLS certificate.
Click 'Save' to apply the changes.
Test the configuration by accessing the HTTP endpoint of the load balancer. It should automatically redirect to HTTPS.
CLI Command for Remediation (if required):
There are no specific CLI commands required for this remediation as the configuration is done through the AWS Management Console. However, if you prefer the CLI approach, you can use the following command to modify the listener configuration:
aws elbv2 modify-listener --listener-arn <listener-arn> --port 80 --protocol HTTP --default-actions "Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host='#{host}',Path='/#{path}',Query='#{query}',StatusCode=HTTP_301}"
Replace <listener-arn> with the ARN of the HTTP listener. Note: #{host}, #{path} and #{query} are placeholders that the load balancer fills in from the original request, so leave them as written unless your application needs a fixed host or path. Please note that the above command is an example and may require additional modifications based on your specific setup.
By configuring ELB application load balancers to redirect HTTP requests to HTTPS, you maintain compliance with NIST 800-53 Revision 4 and ensure secure communication between clients and the load balancer.