Rule: ELB Application Load Balancers Redirect HTTP to HTTPS

This rule checks that every HTTP listener on an ELB application load balancer redirects clients to HTTPS, so that no request is served over plaintext between the client and the load balancer.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

The rule checks that each Application Load Balancer (ALB) HTTP listener has a default action that redirects requests to HTTPS, in support of the transmission confidentiality and integrity controls of NIST Special Publication 800-53 Revision 5 (most directly SC-8). A client that types an http:// URL, follows an old bookmark, or is sent a plaintext link gets a single 301 to the TLS endpoint instead of a plaintext page, so the client-to-load-balancer leg is always encrypted. The rule fails for any HTTP listener whose default action forwards traffic to a target group, returns a fixed response, or redirects somewhere other than HTTPS.

Troubleshooting Steps

  1. Incorrect listener configuration: confirm the load balancer has both an HTTP listener (port 80) and an HTTPS listener (port 443). The redirect lives on the HTTP listener; the HTTPS listener is where redirected clients land, so both must exist.
  2. Misconfigured redirect rules: the redirect must be the HTTP listener's default action, not a listener rule that matches only some hosts or paths. Check that it targets protocol HTTPS and port 443, uses status code HTTP_301, and keeps the original host, path and query (the #{host}, /#{path} and #{query} placeholders) so deep links survive the redirect.
  3. SSL certificate issues: an HTTPS listener cannot be created without a certificate (from ACM or IAM). If the certificate has expired or does not match the hostname, the redirect still happens but browsers then fail on the HTTPS side; renew or replace the certificate on the HTTPS listener.
  4. Firewall or security group restrictions: the load balancer's security group must allow inbound TCP 80 and 443 from clients. If 443 is blocked, the redirect sends clients to a port that never answers, which looks like an outage rather than a redirect problem.

Necessary Codes

No application code changes are required. The fix is a listener configuration change on the load balancer, made in the console or with the AWS CLI (`aws elbv2 create-listener` / `aws elbv2 modify-listener`) or an SDK.

Step-by-Step Guide for Remediation

  1. Open the AWS Management Console and navigate to the EC2 service.
  2. In the navigation pane, choose "Load Balancers" under the "Load Balancing" section.
  3. Select the application load balancer that needs to redirect HTTP to HTTPS.
  4. Open the "Listeners" tab (labelled "Listeners and rules" in the current console).
  5. Confirm that an HTTPS listener on port 443 exists, with a certificate attached and a default action that forwards to your target group. If it does not, add it first: the redirect needs somewhere to send clients.
  6. Confirm that an HTTP listener on port 80 exists. If it does not, add a listener with the following settings:
    • Protocol: HTTP
    • Port: 80
    (An ALB listener has no "instance protocol", "instance port" or certificate fields; those belong to Classic Load Balancers. On an ALB the target side is defined by the target group that the HTTPS listener forwards to.)
  7. Select the HTTP listener, edit its default action, and choose "Redirect" with the following settings:
    • Protocol: HTTPS
    • Port: 443
    • Host, Path, Query: keep the original request (the console defaults, #{host}, /#{path} and #{query})
    • Status code: HTTP_301 (Permanent redirect)
    Set this as the listener's default action rather than as a rule for particular hosts or paths, so that every plaintext request is upgraded.
  8. Save the changes and confirm the listener now shows the redirect as its default action.
  9. Test the configuration with a plaintext request that carries a path and query, for example `curl -sI "http://example.com/login?next=/"`. The response should be `301 Moved Permanently` with `Location: https://example.com/login?next=/`; a 200 means the listener still forwards plaintext, and a Location that drops the path or query means the placeholders were not kept.

Note: The redirect only protects the leg between the client and the load balancer. Traffic from the load balancer to the targets uses whatever protocol the target group defines, so HTTP target groups still carry plaintext inside the VPC; for end-to-end encryption, use HTTPS target groups with certificates on the targets. A redirect also cannot protect the very first plaintext request, which an on-path attacker can intercept before the 301 arrives; have the application send a Strict-Transport-Security header so returning browsers never make that request at all. To keep this from regressing, the AWS Config managed rule alb-http-to-https-redirection-check evaluates the same condition continuously.
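The troubleshooting and remediation steps above can be scripted against the listener description that `aws elbv2 describe-listeners` or boto3's `describe_listeners()` returns. The following is an added example written for this page, not Cloud Defense's or AWS's own code: it audits each listener's default action the way the rule does, builds the `modify-listener` request that applies the fix, and checks a redirect response the way step 9 does. The listener and target-group ARNs are made-up placeholders, and the `client` passed to `remediate()` is duck-typed (any object with a `modify_listener` method, such as a boto3 `elbv2` client), so the example runs offline.

```python
"""Audit ALB listeners for the HTTP -> HTTPS redirect and build the fix.

Added example, not Cloud Defense's or AWS's own code. Works on the JSON shape
returned by `aws elbv2 describe-listeners` / boto3 describe_listeners(). The
ARNs below are made up; `client` is duck-typed so the example runs offline.
"""
from __future__ import annotations

from typing import Any
from urllib.parse import urlsplit

# The default action the rule requires on every HTTP listener. #{host}, #{path}
# and #{query} are ALB placeholders that carry the original request over intact.
REDIRECT_ACTION = {
    "Type": "redirect",
    "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
                       "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"},
}


def listener_findings(listener: dict[str, Any]) -> list[str]:
    """Reasons an HTTP listener fails the rule; [] means compliant.

    Only the default action counts: listener rules may redirect some hosts or
    paths, but anything matching no rule falls through to the default action.
    HTTPS (and any other non-HTTP) listeners are out of scope.
    """
    if listener.get("Protocol") != "HTTP":
        return []
    redirects = [a for a in listener.get("DefaultActions", []) if a.get("Type") == "redirect"]
    if not redirects:
        return ["default action is not a redirect (plaintext requests are served)"]
    cfg = redirects[0].get("RedirectConfig", {})
    findings = []
    if cfg.get("Protocol") != "HTTPS":
        findings.append(f"redirect protocol is {cfg.get('Protocol')!r}, not HTTPS")
    if cfg.get("Port") != "443":
        findings.append(f"redirect port is {cfg.get('Port')!r}, not 443")
    if cfg.get("StatusCode") != "HTTP_301":
        findings.append(f"status is {cfg.get('StatusCode')!r}; use HTTP_301 so clients cache the upgrade")
    return findings


def audit(listeners: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map listener ARN -> findings for every non-compliant listener."""
    return {lst["ListenerArn"]: f for lst in listeners if (f := listener_findings(lst))}


def modify_listener_request(listener_arn: str) -> dict[str, Any]:
    """boto3 modify_listener() kwargs that make the redirect the default action.

    CLI equivalent:  aws elbv2 modify-listener --listener-arn <arn> --default-actions \
      '[{"Type":"redirect","RedirectConfig":{"Protocol":"HTTPS","Port":"443","StatusCode":"HTTP_301"}}]'
    """
    return {"ListenerArn": listener_arn, "DefaultActions": [REDIRECT_ACTION]}


def remediate(client: Any, listeners: list[dict[str, Any]]) -> list[str]:
    """Fix every failing listener via client.modify_listener() (a boto3 elbv2
    client, or any object with that method); return the ARNs that were changed."""
    fixed = []
    for arn in audit(listeners):
        client.modify_listener(**modify_listener_request(arn))
        fixed.append(arn)
    return fixed


def redirect_is_correct(status: int, location: str, requested_url: str) -> bool:
    """Check what `curl -sI http://...` should show after the fix: a 301 whose
    Location keeps host, path and query and switches to https on 443."""
    want, got = urlsplit(requested_url), urlsplit(location)
    return (status == 301 and got.scheme == "https" and got.hostname == want.hostname
            and got.port in (None, 443) and got.path == want.path and got.query == want.query)


# Constructed describe-listeners output; the ARNs are placeholders, not real resources.
_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:"
_FORWARD = {"Type": "forward", "TargetGroupArn": _ARN + "targetgroup/web/0123456789abcdef"}
SAMPLE_LISTENERS = [
    {"ListenerArn": _ARN + "listener/app/web/0123456789abcdef/1111111111111111",
     "Protocol": "HTTP", "Port": 80, "DefaultActions": [_FORWARD]},          # serves plaintext: fails
    {"ListenerArn": _ARN + "listener/app/web/0123456789abcdef/2222222222222222",
     "Protocol": "HTTPS", "Port": 443, "DefaultActions": [_FORWARD]},        # HTTPS: out of scope
    {"ListenerArn": _ARN + "listener/app/api/fedcba9876543210/3333333333333333",
     "Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "redirect",  # 302 instead of 301
      "RedirectConfig": {**REDIRECT_ACTION["RedirectConfig"], "StatusCode": "HTTP_302"}}]},
]

if __name__ == "__main__":
    for arn, findings in audit(SAMPLE_LISTENERS).items():
        print(arn.split(":")[-1], findings)
```

Run against a real account by feeding `audit()` the `Listeners` list from `describe_listeners(LoadBalancerArn=...)` for each ALB and passing a boto3 `elbv2` client to `remediate()`. The audit deliberately inspects only the default action: a redirect attached to a path-matching rule passes traffic for every other path straight to the targets, which is exactly the gap this rule exists to catch.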

Conclusion

By following the above steps, you satisfy this NIST 800-53 Revision 5 check: every HTTP listener on the application load balancer now answers plaintext requests with a permanent redirect to HTTPS, so communication between clients and the load balancer is encrypted. Pair it with HTTPS target groups and a Strict-Transport-Security header if you also need the backend leg encrypted and the first request protected.
