Aqua CSPM

Load Balancer HTTPS Only

Quick Info

Plugin Title: Load Balancer HTTPS Only
Cloud: ORACLE
Category: Networking
Description: Ensures LBs are configured to only accept connections on HTTPS ports.
More Info: For maximum security, LBs can be configured to only accept HTTPS connections. Standard HTTP connections will be blocked. This should only be done if the client application is configured to query HTTPS directly and not rely on a redirect from HTTP.
ORACLE Link: https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managinglisteners.htm
Recommended Action: Remove non-HTTPS listeners from load balancer.

Detailed Remediation Steps

  1. Log in to the Oracle Cloud Console.
  2. Scroll down the left navigation panel and choose “Load Balancers” under “Networking.”
  3. On the “Load Balancers” page, select the load balancer by clicking its “Name” link to open it.
  4. On the “Load Balancer Details” page, scroll down and select “Listeners” under “Resources”.
  5. Check whether any non-HTTPS listeners are attached to the load balancer. Non-HTTPS listeners are not recommended as a best practice on Oracle Cloud.
  6. Repeat steps 2 - 5 to check the other load balancers in the account.
  7. Navigate to “Load Balancers” under “Networking” and click the “Name” link of the load balancer whose listeners need to be modified.
  8. Click “Listeners” under “Resources” to find any non-HTTPS listener that needs to be removed.
  9. Click the three dots at the far right to open the “Options” tab and click “Delete” to remove the non-HTTPS listener.
  10. On the “Delete Listener” tab, click the “Delete” button to make the changes.
  11. Create HTTPS listeners and attach the SSL certificates as per company policy.
  12. Repeat steps 7 - 10 to remove non-HTTPS listeners from the load balancer.
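
The check in steps 2 - 6 can also be run over exported load balancer data instead of clicking through each one. The following is an added example, not Aqua's plugin code: the sample JSON is constructed, its key names are an assumption modeled on OCI CLI output, and the rule that an HTTPS listener is an HTTP or HTTP2 listener with an SSL configuration attached is likewise an assumption.

```python
import json

# Constructed sample; the key names are an assumption modeled on the JSON that
# `oci lb load-balancer list --compartment-id <ocid> --all` prints.
SAMPLE = json.loads("""
{"data": [
 {"display-name": "web-lb", "listeners": {
   "http-80": {"name": "http-80", "port": 80, "protocol": "HTTP",
               "ssl-configuration": null},
   "https-443": {"name": "https-443", "port": 443, "protocol": "HTTP",
                 "ssl-configuration": {"certificate-name": "web-cert"}}}},
 {"display-name": "api-lb", "listeners": {
   "h2-443": {"name": "h2-443", "port": 443, "protocol": "HTTP2",
              "ssl-configuration": {"certificate-name": "api-cert"}},
   "tls-8443": {"name": "tls-8443", "port": 8443, "protocol": "TCP",
                "ssl-configuration": {"certificate-name": "api-cert"}}}},
 {"display-name": "ok-lb", "listeners": {
   "https-443": {"name": "https-443", "port": 443, "protocol": "HTTP",
                 "ssl-configuration": {"certificate-name": "ok-cert"}}}},
 {"display-name": "empty-lb", "listeners": {}}
]}
""")


def is_https(listener):
    # Assumption: HTTPS means an HTTP-family protocol with SSL configured.
    # TCP with SSL is encrypted but is not HTTPS, so it is reported as well.
    return (listener.get("protocol") in {"HTTP", "HTTP2"}
            and bool(listener.get("ssl-configuration")))


def audit(load_balancers):
    """Map each load balancer name to (status, sorted non-HTTPS listener names)."""
    results = {}
    for lb in load_balancers:
        listeners = list((lb.get("listeners") or {}).values())
        bad = sorted(l.get("name", "<unnamed>") for l in listeners if not is_https(l))
        if not listeners:
            status = "NO_LISTENERS"  # nothing to evaluate, reported separately
        elif bad:
            status = "FAIL"
        else:
            status = "PASS"
        results[lb.get("display-name", "<unnamed>")] = (status, bad)
    return results


if __name__ == "__main__":
    for name, (status, bad) in audit(SAMPLE["data"]).items():
        print(f"{status:12} {name} {', '.join(bad)}")
```

Listeners reported under FAIL are the ones to delete in steps 7 - 10.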