Network misconfigurations

Application Load Balancer without HTTPS redirection


Application Load Balancers (ALBs) route HTTP and HTTPS traffic for web applications. HTTP and HTTPS are application-layer protocols used to transfer data between server and client (sender and receiver) over the web. HTTPS is an extension of the HTTP protocol that adds encryption and authentication to HTTP traffic for secure communication. For an Application Load Balancer to receive HTTP and HTTPS requests, a listener must be assigned to it. A listener is a process that checks for connection requests against a configured protocol and port defined in a rule. It was found that the ALB '{AwsEc2Elbv2}' accepts incoming HTTP requests without HTTPS redirection configured. Accepting HTTP requests is considered insecure and may put your data at risk.
  • Recommended Mitigation

    It is recommended to configure a rule for the application load balancer listener to redirect all HTTP requests to HTTPS. To configure the load balancer, follow the instructions at:
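
The check behind this finding, as an added example that is not part of the original finding text: it flags HTTP listeners whose default action does not redirect to HTTPS. The function names and the sample data are constructed for illustration; the field names follow the `aws elbv2 describe-listeners` output. It inspects default actions only, so non-default listener rules are assumed to be out of scope here.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The ARNs are shortened placeholders, not real resources.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "listener/app/example/plain-http", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "targetgroup/example"}]},
  {"ListenerArn": "listener/app/example/redirecting", "Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"ListenerArn": "listener/app/example/same-proto", "Protocol": "HTTP", "Port": 8080,
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "#{protocol}", "Port": "80", "StatusCode": "HTTP_302"}}]},
  {"ListenerArn": "listener/app/example/tls", "Protocol": "HTTPS", "Port": 443,
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "targetgroup/example"}]}
]}
""")


def redirects_to_https(action):
    """Return True if the action is a redirect whose target protocol is HTTPS."""
    if action.get("Type") != "redirect":
        return False
    # An omitted Protocol defaults to "#{protocol}", which keeps the request on HTTP.
    protocol = action.get("RedirectConfig", {}).get("Protocol", "#{protocol}")
    return protocol.upper() == "HTTPS"


def http_listeners_without_redirect(listeners):
    """Return ARNs of HTTP listeners whose default actions never redirect to HTTPS."""
    findings = []
    for listener in listeners:
        if listener.get("Protocol") != "HTTP":
            continue  # HTTPS listeners already terminate TLS
        actions = listener.get("DefaultActions", [])
        if not any(redirects_to_https(a) for a in actions):
            findings.append(listener["ListenerArn"])
    return findings


if __name__ == "__main__":
    for arn in http_listeners_without_redirect(SAMPLE["Listeners"]):
        print("HTTP listener without HTTPS redirect:", arn)
```

A redirect action that keeps `#{protocol}` is still reported, because the client is sent to another HTTP URL rather than to HTTPS.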