0

ALB is attached with 2 listeners, https and http being redirected to https(port 443) with same host, path, query as per below. And a route 53 alias record forwards the sales.company.com to this ALB.

LBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        -
          Type: 'redirect'
          RedirectConfig:
            Protocol: 'HTTPS'
            Port: 443
            Host: '#{host}'
            Path: '/#{path}'
            Query: '#{query}'
            StatusCode: 'HTTP_301'
      LoadBalancerArn: 'LBArn'
      Port: 80
      Protocol: 'HTTP'

Https listener is attached with a ssl certificate created for sales.company.com.

When I access https://sales.company.com through browser then I see the connection is secure and everything works fine. But when I access it with http://sales.company.com then connection is not secure, why ? And how can this be made secure ?

UPDATED - Added screen shot of ALB Added screen shot

enter image description here

user10916892
  • 825
  • 12
  • 33
  • 1
    Redirect config actually looks fine. Can you maybe share a screenshot of the actual listener configuration in AWS? Does the site load when you go to the http site? If so, do you have any listener rules attached to the same listener (should be visible on the screenshot). – LRutten Sep 08 '21 at 13:40
  • @LRutten - not sure what screen shot you needed, but i have attached one in question. Yes site loads fine with http but on a unsecure connection and there are no additional rules attached to this http listener. – user10916892 Sep 08 '21 at 13:54
  • Thats strange.. so even though there is a redirect rule in place, the listener doesn't redirect to https, correct? – LRutten Sep 08 '21 at 14:33
  • @LRutten - I think redirect is happening but is not secure that's why app is able to load. Because there is no target group associated with HTTP listener so there is no way this listener can server the requests other than redirection. – user10916892 Sep 09 '21 at 02:25
  • Does it give you info on why it thinks its insecure? – LRutten Sep 09 '21 at 06:56

1 Answers1

0

I have re-created my whole infrastructure stack and it resolved the problem for me without any change in the configurations mentioned in the question so i am marking it resolved.

user10916892
  • 825
  • 12
  • 33