Rule: ELB Application Load Balancers Redirect HTTP to HTTPS

This rule ensures ELB application load balancers redirect HTTP requests to HTTPS for secure communication.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

This rule ensures that all HTTP requests made to an ELB (Elastic Load Balancer) Application Load Balancer are redirected to HTTPS. This is done to enforce secure communication and align with the requirements specified in NIST 800-53 Revision 5.

Troubleshooting Steps (if applicable)

If you encounter any issues while implementing this rule, follow these troubleshooting steps:

  1. Check for any misconfiguration: Ensure that the rules and settings are correctly applied to the ELB and its associated resources.
  2. Verify SSL/TLS certificate: Check if the SSL/TLS certificate is valid and correctly configured on the ELB.
  3. Verify listener configuration: Ensure that the listener on the ELB is properly configured to listen for both HTTP and HTTPS traffic.
  4. Check security group rules: Confirm that the security group associated with the ELB allows traffic on both HTTP (port 80) and HTTPS (port 443).
  5. Review target group configuration: Make sure that the target group associated with the ELB is correctly configured to handle HTTPS traffic.

Necessary Code (if applicable)

No specific code is required for this rule. The configuration settings of the ELB application load balancer need to be adjusted.

Step-by-Step Guide for Remediation

Follow these steps to redirect HTTP requests to HTTPS for an ELB Application Load Balancer:

  1. Identify the ELB: Determine the name or ID of the ELB Application Load Balancer that requires the HTTP to HTTPS redirection.

  2. Open AWS Management Console: Log in to the AWS Management Console using your credentials.

  3. Navigate to EC2 Dashboard: Once logged in, navigate to the EC2 dashboard.

  4. Select Load Balancers: In the EC2 dashboard, click on "Load Balancers" under the "Load Balancing" section.

  5. Choose the ELB: Identify and select the specific ELB Application Load Balancer from the list.

  6. Configure Listeners: In the ELB details page, navigate to the "Listeners" tab.

  7. Add HTTPS listener: Click "Add listener" and choose HTTPS as the protocol. Configure the appropriate SSL/TLS certificate for secure communication.

  8. Add HTTP listener: Click "Add listener" again, but this time choose HTTP as the protocol. Leave the SSL/TLS certificate option unchanged.

  9. Configure HTTP listener: While creating the HTTP listener, enable the "Redirect HTTP to HTTPS" option. This will automatically redirect all HTTP traffic to HTTPS.

  10. Verify and apply changes: Review the listener configuration and ensure that the redirect rule is correctly set. Click "Save" or "Apply changes" to save the configuration.

  11. Test the redirection: Open a web browser and enter the ELB's DNS name or IP address using HTTP (e.g., http://example-elb.com). The request should now automatically redirect to HTTPS.

  12. Repeat for additional ELBs: If you have multiple ELB Application Load Balancers, repeat steps 5-11 for each ELB that requires HTTP to HTTPS redirection.

By following these steps, you will successfully configure an ELB Application Load Balancer to redirect all HTTP requests to HTTPS, ensuring compliance with NIST 800-53 Revision 5 requirements.
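
A check for this rule, added here as an example (not CloudDefense's or AWS's own code): it reads listener data in the shape returned by `aws elbv2 describe-listeners` and reports every HTTP listener whose default action is not a redirect to HTTPS. The sample listeners and their ARNs are constructed, and the check assumes only default actions matter; additional listener rules are not evaluated.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The ARNs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "arn:example:listener/app/web/1", "Protocol": "HTTPS", "Port": 443,
   "DefaultActions": [{"Type": "forward"}]},
  {"ListenerArn": "arn:example:listener/app/web/2", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "arn:example:listener/app/api/3", "Protocol": "HTTP", "Port": 8080,
   "DefaultActions": [{"Type": "forward"}]},
  {"ListenerArn": "arn:example:listener/app/old/4", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "#{protocol}", "Port": "8080", "StatusCode": "HTTP_302"}}]}
]}
""")


def redirects_to_https(listener):
    """True if a default action of the listener redirects to HTTPS."""
    for action in listener.get("DefaultActions", []):
        cfg = action.get("RedirectConfig") or {}
        # "#{protocol}" keeps the request's scheme, so on an HTTP listener
        # the Location header is still http:// and does not satisfy the rule.
        if action.get("Type") == "redirect" and cfg.get("Protocol") == "HTTPS":
            return True
    return False


def find_noncompliant(listeners):
    """Return (arn, port, action_types) for HTTP listeners lacking the redirect."""
    findings = []
    for lst in listeners:
        if lst.get("Protocol") != "HTTP":
            continue  # HTTPS listeners are out of scope for this rule
        if not redirects_to_https(lst):
            types = [a.get("Type") for a in lst.get("DefaultActions", [])]
            findings.append((lst["ListenerArn"], lst["Port"], types))
    return findings


if __name__ == "__main__":
    for arn, port, types in find_noncompliant(SAMPLE["Listeners"]):
        print(f"NON_COMPLIANT {arn} port {port}: default actions {types}")
```

The fourth sample listener shows why checking the action type alone is not enough: a redirect whose protocol is `#{protocol}` never leaves HTTP.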
