Network misconfigurations

Application Load Balancer without HTTPS redirection

Risk Level

Informational (4)



Application Load Balancers (ALB) are used to route HTTP and HTTPS traffic of web applications. HTTP and HTTPS are application-layer protocols used to transfer data between server and client (sender and receiver) over the web. HTTPS is an extension of the HTTP protocol which adds encryption and authentication to the HTTP traffic for secured communication. In order for the application load balancer to receive HTTP and HTTPS requests, a listener must be assigned to it. A Listener is a process that checks for connection requests by checking a configured protocol and port defined in a rule. It was found that the ALB '{AwsEc2Elbv2}' accepts incoming HTTP requests without HTTPS redirection configured. Accepting HTTP requests is considered insecure and may put your data at risk.