Set HTTP Redirection Across AWS Application Load Balancers
Learn how to use your load balancer to set a rule for redirecting HTTP traffic to HTTPS in this step-by-step tutorial.
Web encryption protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have been around for nearly three decades. By securing web data in transit, these security measures ensure that third parties can’t simply intercept unencrypted data and cause harm.
Hypertext Transfer Protocol Secure (HTTPS) uses the underlying SSL/TLS technology and is the standard way to communicate web data in an encrypted and authenticated manner, compared to the unsecured HTTP protocol.
If you want to enforce encryption on all data interacting with your service or application, you can do this by setting up a rule handled by your load balancer.
In this post, we’ll show you how to implement the industry best practice of redirecting all unencrypted HTTP data to the secure HTTPS protocol.
To set rules for your load balancer, you configure them at the listener level.
Listeners are processes that check for connection requests based on your port and protocol configurations. For example, you can use a listener to move functions required to perform encryption and decryption over to a load balancer. That way, your applications are free to focus on running internal business logic.
AWS listeners come set up with a default rule, which defines how the load balancer routes incoming requests. Developers have the option of defining additional rules for each listener. Every rule contains a priority, at least one action, and at least one condition. Users are free to create or update new rules for listeners as needed.
Redirects give web servers the ability to move navigation from one URL to another. This means you can send HTTP requests directly to more secure HTTPS URLs. This standard best practice helps organizations achieve better security governance and hit compliance goals by providing more secure browsing to users. Using redirects also helps organizations rank higher in search results and earn a better Secure Sockets Layer (SSL)/Transport Layer Security (TLS) score for websites.
If you know you don’t already have this set up and want to add this rule, you can skip to Step 3 with the AWS CLI in the following section.
Here are the steps for locating any load balancers that do not have an HTTP redirect configured, and then adding one:
If you want to use the AWS CLI instead, here are the CLI steps for finding load balancers and configuring them with HTTPS redirects.
This command lists all of the ARNs, or Amazon Resource Names, for any ALBs located in your chosen AWS region.
This command will output descriptions for each of the HTTP listeners set up for an ALB.
You will need to add this rule to each HTTP listener.
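The check behind these CLI steps, as an added example that is not code from the original post: it reads JSON shaped like the output of `aws elbv2 describe-listeners`, flags HTTP listeners whose default action does not redirect to HTTPS, and builds an `aws elbv2 modify-listener` call for each. The function names and sample ARNs are made up for illustration, only default actions are inspected (rules added on top of the default are not), and setting the redirect as the listener's default action is one way to apply it that replaces the existing default action.

```python
import json
import shlex

# Redirect action: same host, path and query, moved to HTTPS on 443 with a 301.
REDIRECT = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
    "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}

def redirects_to_https(listener):
    """True if a default action is a redirect whose target protocol is HTTPS."""
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in listener.get("DefaultActions", []))

def http_listeners_missing_redirect(describe_listeners):
    """ARNs of HTTP listeners whose default action leaves traffic on HTTP."""
    return [l["ListenerArn"] for l in describe_listeners.get("Listeners", [])
            if l.get("Protocol") == "HTTP" and not redirects_to_https(l)]

def fix_command(listener_arn):
    """argv for the AWS CLI call that sets the redirect as the default action."""
    return ["aws", "elbv2", "modify-listener", "--listener-arn", listener_arn,
            "--default-actions", json.dumps([REDIRECT])]

# Constructed sample shaped like `aws elbv2 describe-listeners` JSON output.
# The ARNs are placeholders, not real resources.
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-alb/PLACEHOLDER/"
SAMPLE = {"Listeners": [
    {"ListenerArn": ARN + "forward-80", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "PLACEHOLDER"}]},
    # Redirect that keeps the original protocol: traffic stays on plain HTTP.
    {"ListenerArn": ARN + "same-proto-8080", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "8081", "StatusCode": "HTTP_302"}}]},
    {"ListenerArn": ARN + "redirect-81", "Protocol": "HTTP", "Port": 81,
     "DefaultActions": [REDIRECT]},
    # HTTPS listeners are out of scope for this check.
    {"ListenerArn": ARN + "https-443", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "PLACEHOLDER"}]},
]}

if __name__ == "__main__":
    # Print one ready-to-review command per listener that needs the redirect.
    for arn in http_listeners_missing_redirect(SAMPLE):
        print(shlex.join(fix_command(arn)))
```

Review each printed command before running it, since it overwrites whatever default action the listener currently has.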
Now that you know how to set up these redirect rules, you’ll be able to enforce encrypted communication between your application and end-users using SSL.
Instead of having to look up the specific command for each of these actions, you could use a low-code tool like Blink to find and fix vulnerable resources in a couple of clicks.
With Blink, you can run this check using an automation like this one:
This automation is available in the Blink library. When it runs, it does the following steps:
This simple automation is easy to customize. Run it on a schedule or send the report via email, Slack, or Teams.
There are over 5K automations in the Blink library to choose from, or you can build your own to match your unique needs.