This rule ensures that ELB Application Load Balancers redirect HTTP requests to HTTPS for security compliance.
| Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ Medium |
Rule Description:
The rule states that all HTTP requests to Elastic Load Balancer (ELB) application load balancers should be redirected to HTTPS. This is in accordance with the NIST 800-53 Revision 5 security requirement to enforce secure communication protocols.
Enforcing HTTPS ensures that data transmitted between the client and the server is encrypted and secure, protecting sensitive information and preventing unauthorized access.
Troubleshooting Steps:
Code Samples:
None
Remediation:
To enforce the redirection of HTTP to HTTPS on an ELB application load balancer, follow these step-by-step instructions:
Note: For the redirection to work as intended, a valid SSL certificate must be configured for the ELB and associated with the listener for port 443 (HTTPS).
By following these steps, you ensure that all HTTP requests to the ELB application load balancer are automatically redirected to the secure HTTPS protocol, helping to meet the NIST 800-53 Revision 5 security requirement.
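One way to check this rule offline, as an added example that is not part of the original page: the function below evaluates listener records shaped like the output of `aws elbv2 describe-listeners` and reports every HTTP listener whose default action is not a redirect to HTTPS. The listener identifiers and sample records are constructed for illustration.

```python
# Added example. Input records follow the shape of `aws elbv2 describe-listeners`
# output (keys: ListenerArn, Protocol, Port, DefaultActions).

def redirects_to_https(action):
    """True if a listener action is a redirect whose target protocol is HTTPS."""
    if action.get("Type") != "redirect":
        return False
    cfg = action.get("RedirectConfig") or {}
    # "#{protocol}" keeps the request's own protocol, so on an HTTP listener the
    # redirect stays on HTTP; only an explicit HTTPS target satisfies the rule.
    return cfg.get("Protocol", "#{protocol}").upper() == "HTTPS"

def noncompliant_listeners(listeners):
    """Return (ListenerArn, reason) for each HTTP listener that fails the rule."""
    findings = []
    for lst in listeners:
        if lst.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are outside the scope of this rule
        actions = lst.get("DefaultActions", [])
        if not actions:
            findings.append((lst["ListenerArn"], "no default action"))
        elif not all(redirects_to_https(a) for a in actions):
            kinds = ",".join(a.get("Type", "?") for a in actions)
            findings.append((lst["ListenerArn"],
                             f"default action is {kinds}, not an HTTPS redirect"))
    return findings

# Constructed sample data; the ListenerArn values are placeholders, not real ARNs.
SAMPLE_LISTENERS = [
    {"ListenerArn": "listener/http-redirect-ok", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "listener/http-forward", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward"}]},
    {"ListenerArn": "listener/http-keeps-protocol", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "80", "StatusCode": "HTTP_302"}}]},
    {"ListenerArn": "listener/https-forward", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward"}]},
]

if __name__ == "__main__":
    for arn, reason in noncompliant_listeners(SAMPLE_LISTENERS):
        print(f"NON_COMPLIANT {arn}: {reason}")
```

The third sample listener shows the case a quick review tends to miss: a redirect action is present, but it keeps the original protocol, so clients remain on HTTP.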