Medium ELB Regional

Application Load Balancer should be configured to redirect all HTTP requests to HTTPS

PCI DSS, NIST, ISO 27001, HIPAA

Description

This check ensures that Application Load Balancers are configured to redirect all HTTP requests to HTTPS, so that client traffic is carried over SSL/TLS rather than plain HTTP.


Remediation

To configure an Application Load Balancer to redirect all HTTP requests to HTTPS, follow these steps:

Steps

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Select the Application Load Balancer from the list.
  4. Choose the Listeners tab, and then choose View/edit rules for the HTTP listener (port 80).
  5. If there is no rule for redirection, choose Add rule.
  6. Choose Insert Rule, and then add a 'Redirect to...' action.
  7. Set the protocol to HTTPS, port to 443, and redirection status code to HTTP 301.
  8. Choose Save.
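To verify the result of these steps offline, the following added example (not this product's own check logic) evaluates listener and rule records in the shape returned by the elbv2 `describe-listeners` and `describe-rules` calls. The function names, the placeholder ARNs and the treatment of a lone `*` or `/*` path pattern as a catch-all are assumptions made for illustration.

```python
# Added example. Dict shapes follow elbv2 describe-listeners / describe-rules
# output; all ARNs and records below are constructed placeholders.
CATCH_ALL_PATHS = {"*", "/*"}

def redirects_to_https(actions):
    """True if an action is a redirect whose target protocol is literally HTTPS."""
    # "#{protocol}" keeps the request's own scheme (HTTP), so it does not count.
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in actions)

def matches_everything(rule):
    """The default rule matches all requests; so does a lone path-pattern of * or /*."""
    if rule.get("IsDefault"):
        return True
    conds = rule.get("Conditions", [])
    if len(conds) != 1 or conds[0].get("Field") != "path-pattern":
        return False
    cond = conds[0]
    values = cond.get("PathPatternConfig", {}).get("Values") or cond.get("Values", [])
    return any(v in CATCH_ALL_PATHS for v in values)

def http_listener_compliant(rules):
    """Walk rules in evaluation order; every reachable rule must redirect to HTTPS."""
    ordered = sorted(rules, key=lambda r: float("inf") if r.get("IsDefault")
                     else int(r["Priority"]))
    for rule in ordered:
        if not redirects_to_https(rule.get("Actions", [])):
            return False  # some HTTP requests are served or forwarded as-is
        if matches_everything(rule):
            return True   # rules after a catch-all are never reached
    return False          # input had no default rule: treat as failing

def evaluate(listeners, rules_by_listener):
    """Return {ListenerArn: compliant} for HTTP listeners only."""
    return {l["ListenerArn"]: http_listener_compliant(rules_by_listener[l["ListenerArn"]])
            for l in listeners if l["Protocol"] == "HTTP"}

# Constructed sample: the rule from the steps above in front of a forwarding default.
REDIRECT = {"Type": "redirect", "RedirectConfig":
            {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
FORWARD = {"Type": "forward", "TargetGroupArn": "arn:placeholder:targetgroup"}
SAMPLE_LISTENERS = [{"ListenerArn": "arn:placeholder:http", "Protocol": "HTTP", "Port": 80}]
SAMPLE_RULES = {"arn:placeholder:http": [
    {"Priority": "default", "IsDefault": True, "Conditions": [], "Actions": [FORWARD]},
    {"Priority": "1", "IsDefault": False, "Actions": [REDIRECT],
     "Conditions": [{"Field": "path-pattern", "Values": ["/*"]}]}]}
if __name__ == "__main__":
    print(evaluate(SAMPLE_LISTENERS, SAMPLE_RULES))
```

A listener fails here when any rule that can still be reached forwards or answers over HTTP, or when its redirect keeps the `#{protocol}` placeholder instead of naming HTTPS.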

Compliance

PCI DSS, NIST, ISO 27001, HIPAA