Rule on ELB Application Load Balancers HTTPS Redirection

This rule specifies that ELB application load balancers must redirect HTTP requests to HTTPS for enhanced security.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description

The rule requires that all HTTP requests made to the ELB (Elastic Load Balancer) application load balancers be redirected to HTTPS. This ensures that all communication to the application is encrypted and secure. This rule is implemented to align with the CISA-Cyber Essentials guidelines and best practices to mitigate the risk of unauthorized access to sensitive information.

Troubleshooting

If you experience issues while redirecting HTTP to HTTPS, please follow these troubleshooting steps:

  1. Check Security Group settings: Ensure that the security groups associated with the load balancer allow inbound traffic on port 80 (HTTP) and port 443 (HTTPS). Verify that the rules are correctly configured to allow traffic from the desired sources.

  2. Verify Listener configuration: Double-check that the listener for the load balancer is correctly configured to listen on port 80 (HTTP) and redirect traffic to port 443 (HTTPS). Ensure that the SSL/TLS certificate is properly associated with the HTTPS listener.

  3. Check SSL/TLS certificate: Confirm that the SSL/TLS certificate is valid and properly installed on the load balancer. Ensure that the certificate covers the domains and subdomains being accessed and that it has not expired.

  4. Inspect target group health checks: If the target group associated with the load balancer reports instances as unhealthy, review the health check settings. Make sure that the target instances are correctly configured and sending valid responses.

Configuration

To configure the ELB application load balancer to redirect HTTP requests to HTTPS, follow these steps:

  1. Open the AWS Management Console and navigate to the EC2 Dashboard.

  2. In the navigation pane, click on "Load Balancers" under the "Load Balancing" section.

  3. Select the desired ELB application load balancer from the list.

  4. Click on the "Listeners" tab at the bottom.

  5. Verify that there is an HTTP listener (port 80) and an HTTPS listener (port 443) present. If not, add an HTTPS listener by clicking "Add listener" and selecting HTTPS.

  6. Edit the HTTP listener by clicking on the pencil icon next to it.

  7. In the "Default actions" section, click on "+ Add action" and select "Redirect".

  8. Configure the redirect action to redirect all HTTP requests to HTTPS:

    • Redirects to: HTTPS
    • Redirects from port: 80
    • Protocol: HTTPS
    • Port: 443
    • Status code: HTTP_301

  9. Click "Save" to apply the changes.

  10. Test the redirection by accessing your application using HTTP. The ELB should automatically redirect the request to HTTPS.
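
A check for this rule, as an added example that is not part of the original page or the vendor's own code: it evaluates listener records that use the field names returned by `aws elbv2 describe-listeners` and reports every HTTP listener whose default action does not redirect to HTTPS. It goes one step beyond the rule by also confirming that the redirect port has an HTTPS listener on the same load balancer (step 5 above). The sample records, shortened ARNs and helper names are constructed for illustration.

```python
# Listener records use the field names returned by `aws elbv2 describe-listeners`.
def http_redirect_findings(listeners):
    """Return (listener_arn, reason) for each HTTP listener that fails the rule."""
    https_ports = {(lst["LoadBalancerArn"], str(lst["Port"]))
                   for lst in listeners if lst["Protocol"] == "HTTPS"}
    findings = []
    for lst in listeners:
        if lst["Protocol"] != "HTTP":
            continue  # only HTTP listeners are in scope
        redirect = next((a for a in lst.get("DefaultActions", [])
                         if a.get("Type") == "redirect"), None)
        if redirect is None:
            findings.append((lst["ListenerArn"], "default action is not a redirect"))
            continue
        cfg = redirect.get("RedirectConfig", {})
        if cfg.get("Protocol") != "HTTPS":
            # "#{protocol}" keeps the request's scheme, which is HTTP here
            findings.append((lst["ListenerArn"], "redirect does not switch to HTTPS"))
            continue
        port = cfg.get("Port", "#{port}")
        if port == "#{port}":
            port = str(lst["Port"])  # placeholder keeps the listener's own port
        same_host = cfg.get("Host", "#{host}") == "#{host}"
        if same_host and (lst["LoadBalancerArn"], port) not in https_ports:
            findings.append((lst["ListenerArn"], f"no HTTPS listener on port {port}"))
    return findings

def _listener(lb, name, proto, port, action):
    # Constructed sample record; ARNs are shortened placeholders, not real ones.
    return {"LoadBalancerArn": lb, "ListenerArn": f"{lb}/{name}",
            "Protocol": proto, "Port": port, "DefaultActions": [action]}

def _redirect(proto, port):
    return {"Type": "redirect", "RedirectConfig": {
        "Protocol": proto, "Port": port, "Host": "#{host}", "StatusCode": "HTTP_301"}}

FORWARD = {"Type": "forward", "TargetGroupArn": "tg-placeholder"}
SAMPLE = [  # constructed: one compliant load balancer, three misconfigured ones
    _listener("lb-ok", "http", "HTTP", 80, _redirect("HTTPS", "443")),
    _listener("lb-ok", "https", "HTTPS", 443, FORWARD),
    _listener("lb-forward", "http", "HTTP", 80, FORWARD),
    _listener("lb-keep", "http", "HTTP", 80, _redirect("#{protocol}", "443")),
    _listener("lb-port", "http", "HTTP", 80, _redirect("HTTPS", "#{port}")),
    _listener("lb-port", "https", "HTTPS", 443, FORWARD),
]

if __name__ == "__main__":
    for arn, reason in http_redirect_findings(SAMPLE):
        print(f"NON_COMPLIANT {arn}: {reason}")
```

Only default actions are evaluated here; additional listener rules on the HTTP listener would need the same check applied to their actions.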

Conclusion

By configuring ELB application load balancers to redirect HTTP requests to HTTPS, you ensure that all communication with your application is encrypted. This aligns with the CISA-Cyber Essentials guidelines for improving security and safeguarding sensitive information. Remember to troubleshoot any issues that may arise during the configuration process to ensure a smooth transition.
