
Rule: ELB Application Load Balancers Should Redirect HTTP Requests to HTTPS

This rule ensures that ELB Application Load Balancers redirect HTTP requests to HTTPS, helping to enhance security and data protection.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: RBI Cyber Security Framework
Severity: Medium

Rule Description:

The rule requires that every HTTP request made to an Elastic Load Balancing (ELB) application load balancer be redirected to HTTPS. This rule supports compliance with the RBI Cyber Security Framework, which mandates secure communication protocols for web applications.

Troubleshooting Steps:

If the redirection from HTTP to HTTPS is not working as expected, the following troubleshooting steps can be taken:

  1. Verify ELB Listener Configuration:
    • Ensure that the ELB listener is correctly configured to listen on both ports 80 (HTTP) and 443 (HTTPS).
    • Confirm that the SSL certificate is properly configured and associated with the HTTPS listener.
  2. Check Target Group Configuration:
    • Verify that the target group used by the ELB is correctly associated with the appropriate backend instances or services.
    • Ensure that the target group's health check settings are properly configured and the backend instances are in a healthy state.
  3. Review Security Group Rules:
    • Check the security group associated with the backend instances for any rules blocking incoming HTTPS traffic on port 443.
    • Validate that the security group allows incoming HTTP traffic on port 80 from the ELB.
  4. Verify SSL Certificate:
    • Confirm that the SSL certificate used by the ELB is valid and not expired.
    • Ensure that the certificate chain is complete and all necessary intermediate certificates are included.
  5. Verify Application Configuration:
    • Review the application server or web server configuration to ensure it is correctly set up to handle HTTPS traffic.
    • Check whether any redirect rules or configurations in the application conflict with the ELB redirection.
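The listener check in step 1 can be scripted against the JSON that `aws elbv2 describe-listeners --load-balancer-arn <arn>` returns. The following is an added example, not code from Cloud Defense or AWS: it inspects each plain-HTTP listener's default actions and reports a finding unless that action is a `redirect` whose `RedirectConfig` targets HTTPS (the action type and config keys are those of the real elbv2 API; the two listener documents, ARNs and account id are constructed sample data).

```python
import json
import sys

# Constructed sample in the shape of `aws elbv2 describe-listeners` output:
# a port-80 listener whose default action redirects to HTTPS, plus the HTTPS listener.
COMPLIANT_LISTENERS = json.dumps({
    "Listeners": [
        {
            "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-alb/EXAMPLE1/EXAMPLE80",
            "Port": 80,
            "Protocol": "HTTP",
            "DefaultActions": [{
                "Type": "redirect",
                "RedirectConfig": {
                    "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
                    "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301",
                },
            }],
        },
        {
            "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-alb/EXAMPLE1/EXAMPLE443",
            "Port": 443,
            "Protocol": "HTTPS",
            "DefaultActions": [{"Type": "forward",
                                "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/example-tg/EXAMPLE"}],
        },
    ]
})

# Constructed non-compliant sample: the port-80 listener forwards straight to the target group.
NONCOMPLIANT_LISTENERS = json.dumps({
    "Listeners": [{
        "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-alb/EXAMPLE1/EXAMPLE80",
        "Port": 80,
        "Protocol": "HTTP",
        "DefaultActions": [{"Type": "forward",
                            "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/example-tg/EXAMPLE"}],
    }]
})


def http_listener_findings(listeners_doc):
    """Return one finding string per problem found on a plain-HTTP listener.

    An empty list means every HTTP listener's default action is a redirect to
    HTTPS. Only default actions are inspected; listener rules (see
    `aws elbv2 describe-rules`) can also forward HTTP traffic and would need
    the same treatment for a complete audit.
    """
    findings = []
    for listener in listeners_doc.get("Listeners", []):
        if listener.get("Protocol") != "HTTP":
            continue  # HTTPS/TLS listeners are out of scope for this rule
        port = listener.get("Port")
        actions = listener.get("DefaultActions", [])
        redirects = [a for a in actions if a.get("Type") == "redirect"]
        if not redirects:
            kinds = sorted({a.get("Type", "unknown") for a in actions}) or ["none"]
            findings.append(f"port {port}: no redirect default action (actions: {', '.join(kinds)})")
            continue
        cfg = redirects[0].get("RedirectConfig", {})
        if cfg.get("Protocol") != "HTTPS":
            findings.append(f"port {port}: redirect protocol is {cfg.get('Protocol')!r}, not HTTPS")
        if cfg.get("StatusCode") not in ("HTTP_301", "HTTP_302"):
            findings.append(f"port {port}: unexpected redirect status {cfg.get('StatusCode')!r}")
    return findings


def is_compliant(listeners_json):
    """True when the describe-listeners JSON shows every HTTP listener redirecting to HTTPS."""
    return not http_listener_findings(json.loads(listeners_json))


if __name__ == "__main__":
    # Real usage: aws elbv2 describe-listeners --load-balancer-arn <arn> | python check_alb_redirect.py
    # With no piped input the constructed compliant sample is evaluated instead.
    source = sys.stdin.read() if not sys.stdin.isatty() else COMPLIANT_LISTENERS
    problems = http_listener_findings(json.loads(source))
    print("COMPLIANT" if not problems else "NON-COMPLIANT:\n  " + "\n  ".join(problems))
    sys.exit(1 if problems else 0)
```

Run it once per load balancer (the ARNs come from `aws elbv2 describe-load-balancers`); a non-zero exit makes it easy to drop into a scheduled compliance job. A load balancer with no HTTP listener at all yields no findings, which is the expected result for an HTTPS-only deployment.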

Necessary Codes:

No specific codes are required for this rule. The configuration settings of the ELB and associated resources need to be adjusted.

Step-by-Step Guide for Remediation:

Follow the steps below to remediate the violation and enable HTTP to HTTPS redirection for ELB application load balancers:

  1. Access the AWS Management Console and navigate to the EC2 service.
  2. From the EC2 Dashboard, select "Load Balancers" in the navigation pane.
  3. Choose the appropriate ELB application load balancer from the list.
  4. Under the "Listeners" tab, locate the listener configuration for port 80 (HTTP).
  5. Select the HTTP listener and click "Edit".
  6. In the Edit Listener dialog box, change the protocol for port 80 to HTTPS.
  7. Select the appropriate SSL certificate from the dropdown list.
  8. Leave the default settings for SSL policies unless you have specific requirements.
  9. Click "Save" to update the listener configuration.
  10. Verify that the HTTP to HTTPS redirection is now in effect by accessing the load balancer's DNS name or URL using HTTP. It should automatically redirect to the corresponding HTTPS URL.
  11. Monitor the ELB and associated resources for any issues and validate that the application functions properly over HTTPS.

Note: It may take a few minutes for the changes to take effect. Clear your browser cache or use an incognito/private browsing window to verify the redirection.
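The verification in step 10 is more reliable when it checks the actual response rather than watching a browser, which may serve a cached redirect. The following added example (not part of the Cloud Defense page) parses a raw HTTP response head such as the one `curl -sI http://<alb-dns-name>/<path>` prints, and passes only when the status is a redirect and the `Location` header points at the HTTPS URL for the same host, path and query. The hostname `alb.example.com` and both response samples are constructed.

```python
import sys
from urllib.parse import urlsplit

# Constructed sample: the response head a correctly redirecting port-80 listener
# would return for GET http://alb.example.com/login?next=%2Fhome
GOOD_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: awselb/2.0\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 134\r\n"
    "Connection: keep-alive\r\n"
    "Location: https://alb.example.com:443/login?next=%2Fhome\r\n"
    "\r\n"
)

# Constructed sample of the failure mode: port 80 serves the page instead of redirecting.
BAD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: awselb/2.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, {lower-cased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])  # "HTTP/1.1 301 Moved Permanently" -> 301
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def redirect_finding(request_url, raw_response):
    """Return None when the response is an HTTPS redirect preserving host, path and query;
    otherwise return a short description of what is wrong."""
    status, headers = parse_response_head(raw_response)
    if status not in (301, 302, 307, 308):
        return f"expected a redirect status, got {status}"
    location = headers.get("location")
    if not location:
        return "redirect without a Location header"
    req, loc = urlsplit(request_url), urlsplit(location)
    if loc.scheme != "https":
        return f"Location uses scheme {loc.scheme!r}, not https"
    if loc.hostname != req.hostname:
        return f"Location host {loc.hostname!r} differs from requested host {req.hostname!r}"
    # A request for the bare host has an empty path; the ALB redirects it to "/".
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        return "Location drops or changes the requested path/query"
    return None


if __name__ == "__main__":
    # Real usage: curl -sI http://<alb-dns-name>/ | python verify_redirect.py http://<alb-dns-name>/
    # Without arguments the constructed samples are evaluated instead.
    if len(sys.argv) > 1:
        result = redirect_finding(sys.argv[1], sys.stdin.read())
    else:
        result = redirect_finding("http://alb.example.com/login?next=%2Fhome", GOOD_RESPONSE)
    print("OK: redirects to HTTPS" if result is None else f"FAIL: {result}")
    sys.exit(0 if result is None else 1)
```

Checking host, path and query as well as the scheme catches a redirect that lands users on a different site or the site root, which would pass a scheme-only check but still break the application; run it against a few representative paths rather than only the root URL.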

Conclusion:

By following the above steps, you can ensure that all HTTP requests made to the ELB application load balancers are automatically redirected to HTTPS in compliance with the RBI Cyber Security Framework.
