This rule ensures that ELB application load balancers redirect HTTP requests to HTTPS for enhanced security.
| Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
| Framework | NIST 800-53 Revision 5 |
| Severity | Medium |
Rule Description
The rule requires Elastic Load Balancing (ELB) application load balancers to redirect HTTP requests to HTTPS, in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5 guidelines. It aims to ensure secure communication between clients and the application load balancers by enforcing the use of HTTPS.
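One way to evaluate this rule offline, as an added example that is not part of the original page or of any AWS tooling: the function below takes the `Listeners` list in the shape returned by the elbv2 DescribeListeners API and reports HTTP listeners whose default action does not redirect to HTTPS. The listener ARNs and sample data are constructed placeholders, and the check assumes only default actions are in scope.

```python
"""Added example: evaluate ALB listeners against the HTTP-to-HTTPS redirect rule."""


def http_listener_findings(listeners):
    """Return (ListenerArn, reason) for every HTTP listener that fails the rule.

    `listeners` is the "Listeners" list from an elbv2 DescribeListeners response.
    """
    findings = []
    for lsn in listeners:
        if lsn.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are outside this rule
        actions = lsn.get("DefaultActions", [])
        # Assumption: only the default action is checked. Listener rules with
        # their own forward actions would need a separate DescribeRules pass.
        redirects = [a for a in actions if a.get("Type") == "redirect"]
        if not redirects:
            types = ",".join(a.get("Type", "?") for a in actions) or "none"
            findings.append((lsn["ListenerArn"], f"default action is {types}, not redirect"))
            continue
        target = redirects[0].get("RedirectConfig", {}).get("Protocol", "#{protocol}")
        # "#{protocol}" keeps the protocol of the request, so HTTP stays HTTP.
        if target != "HTTPS":
            findings.append((lsn["ListenerArn"], f"redirect target protocol is {target}"))
    return findings


# Constructed sample input (placeholder ARNs, not real resources).
SAMPLE_LISTENERS = [
    {"ListenerArn": "arn:example:listener/redirects", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "arn:example:listener/forwards", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward",
                         "TargetGroupArn": "arn:example:targetgroup/web"}]},
    {"ListenerArn": "arn:example:listener/same-proto", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "8443", "StatusCode": "HTTP_302"}}]},
    {"ListenerArn": "arn:example:listener/tls", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward",
                         "TargetGroupArn": "arn:example:targetgroup/web"}]},
]

if __name__ == "__main__":
    for arn, reason in http_listener_findings(SAMPLE_LISTENERS):
        print(f"NON_COMPLIANT {arn}: {reason}")
```

A redirect that keeps `#{protocol}` is flagged because it sends the client to another plain-HTTP URL, which a check that only looks at the action type would miss.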
Troubleshooting Steps
Necessary Codes
No code is required for this rule.
Step-by-Step Guide for Remediation
Note: Redirecting HTTP to HTTPS at the load balancer level does not enforce HTTPS on the backend servers. Ensure that your backend servers also have the necessary configuration to handle HTTPS requests.
Conclusion
By following the above steps, you can comply with the NIST 800-53 Revision 5 guidelines and configure the ELB application load balancer to redirect HTTP requests to HTTPS. This helps improve the security of your application by enforcing encrypted communication between clients and the load balancer.