This rule ensures that ELB Application Load Balancers redirect HTTP requests to HTTPS, helping to enhance security and data protection.
Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
Framework | RBI Cyber Security Framework |
Severity | ✔ Medium |
Rule Description:
The rule requires that all HTTP requests to Elastic Load Balancing (ELB) Application Load Balancers be redirected to HTTPS. This aligns with the RBI Cyber Security Framework, which mandates secure communication protocols for web applications.
Troubleshooting Steps:
If the redirection from HTTP to HTTPS is not working as expected, the following troubleshooting steps can be taken:
Verify ELB Listener Configuration:
Check Target Group Configuration:
Review Security Group Rules:
Verify SSL Certificate:
Verify Application Configuration:
Necessary Codes:
No specific code is required for this rule. The configuration settings of the ELB and associated resources need to be adjusted.
Step-by-Step Guide for Remediation:
Follow the steps below to remediate the violation and enable HTTP to HTTPS redirection for ELB application load balancers:
Access the AWS Management Console and navigate to the EC2 service.
From the EC2 Dashboard, select "Load Balancers" in the navigation pane.
Choose the appropriate ELB application load balancer from the list.
Under the "Listeners" tab, locate the listener configuration for port 80 (HTTP).
Select the HTTP listener and click "Edit".
In the Edit Listener dialog box, change the protocol for port 80 to HTTPS.
Select the appropriate SSL certificate from the dropdown list.
Leave the default settings for SSL policies unless you have specific requirements.
Click "Save" to update the listener configuration.
Verify that the HTTP to HTTPS redirection is now in effect by accessing the load balancer's DNS name or URL using HTTP. It should automatically redirect to the corresponding HTTPS URL.
Monitor the ELB and associated resources for any issues and validate that the application functions properly over HTTPS.
Note: It may take a few minutes for the changes to take effect. Clear your browser cache or use an incognito/private browsing window to verify the redirection.
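To check the condition this rule describes across many listeners at once, the following added example (not part of the original page or of any vendor tool) evaluates listener records shaped like the "Listeners" array of an ELBv2 DescribeListeners response and reports HTTP listeners whose default action is not a redirect to HTTPS. The sample records, placeholder ARNs and function names are constructed for illustration, and only default actions are examined, not per-path listener rules.

```python
# Constructed sample data, shaped like the "Listeners" array returned by
# the ELBv2 DescribeListeners API. ARNs are placeholders.
SAMPLE_LISTENERS = [
    # HTTP listener that redirects to HTTPS: compliant
    {"ListenerArn": "arn:example:listener/web-a/80", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    # HTTPS listener: out of scope for the check
    {"ListenerArn": "arn:example:listener/web-a/443", "Port": 443, "Protocol": "HTTPS",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web-a"}]},
    # HTTP listener that forwards plaintext traffic to targets: violation
    {"ListenerArn": "arn:example:listener/web-b/80", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web-b"}]},
    # Redirect that keeps the original protocol ("#{protocol}" stays HTTP): violation
    {"ListenerArn": "arn:example:listener/web-c/80", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "8080", "StatusCode": "HTTP_302"}}]},
]


def redirects_to_https(listener):
    """True if a default action is a redirect whose target protocol is HTTPS."""
    for action in listener.get("DefaultActions", []):
        cfg = action.get("RedirectConfig") or {}
        if action.get("Type") == "redirect" and cfg.get("Protocol", "").upper() == "HTTPS":
            return True
    return False


def find_violations(listeners):
    """Return ARNs of HTTP listeners that do not redirect to HTTPS."""
    return [
        lst["ListenerArn"]
        for lst in listeners
        if lst.get("Protocol") == "HTTP" and not redirects_to_https(lst)
    ]


if __name__ == "__main__":
    for arn in find_violations(SAMPLE_LISTENERS):
        print("NON_COMPLIANT", arn)
```

To run it against a real account, replace SAMPLE_LISTENERS with the parsed "Listeners" array from a DescribeListeners call for each load balancer.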
Conclusion:
By following the above steps, you can ensure that all HTTP requests made to the ELB application load balancers are automatically redirected to HTTPS in compliance with the RBI Cyber Security Framework.