ALB Listening on HTTP
- Query id: ee3b1557-9fb5-4685-a95d-93f1edf2a0d7
- Query name: ALB Listening on HTTP
- Platform: Terraform
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
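Application Load Balancer (ALB) listeners should not listen on HTTP. HTTP traffic between clients and the load balancer is unencrypted, so it can be read or modified in transit; the listener protocol should be HTTPS instead.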
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
# Insecure sample: the query flags this listener because listener_protocol is "HTTP".
resource "alicloud_alb_listener" "positive" {
  load_balancer_id = alicloud_alb_load_balancer.default_3.id
  # Flagged attribute: with HTTP, traffic between clients and the load balancer is not encrypted.
  listener_protocol = "HTTP"
  # Port 443 does not make the listener secure; the protocol above decides whether TLS is used.
  listener_port = 443
  listener_description = "createdByTerraform"
  # Requests are forwarded to the referenced server group.
  default_actions {
    type = "ForwardGroup"
    forward_group_config {
      server_group_tuples {
        server_group_id = alicloud_alb_server_group.default.id
      }
    }
  }
  # NOTE(review): a certificate is referenced, but with an HTTP listener it presumably
  # is not used to encrypt traffic. Confirm against the provider documentation.
  certificates {
    certificate_id = join("", [alicloud_ssl_certificates_service_certificate.default.id, "-cn-hangzhou"])
  }
  # An ACL of type "White" is attached. Limiting which sources may connect does not
  # protect the traffic itself from interception or tampering.
  acl_config {
    acl_type = "White"
    acl_relations {
      acl_id = alicloud_alb_acl.example.id
    }
  }
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# Compliant sample: the listener protocol is HTTPS, so the query does not flag it.
resource "alicloud_alb_listener" "negative" {
  load_balancer_id = alicloud_alb_load_balancer.default_3.id
  # HTTPS is the attribute value that satisfies the check.
  listener_protocol = "HTTPS"
  listener_port = 443
  listener_description = "createdByTerraform"
  # Requests are forwarded to the referenced server group.
  default_actions {
    type = "ForwardGroup"
    forward_group_config {
      server_group_tuples {
        server_group_id = alicloud_alb_server_group.default.id
      }
    }
  }
  # Certificate presented by the HTTPS listener. The ID is built by appending the
  # "-cn-hangzhou" suffix to the certificate resource's id.
  certificates {
    certificate_id = join("", [alicloud_ssl_certificates_service_certificate.default.id, "-cn-hangzhou"])
  }
  # An ACL of type "White" is attached to the listener; this is an access restriction
  # in addition to, not a replacement for, transport encryption.
  acl_config {
    acl_type = "White"
    acl_relations {
      acl_id = alicloud_alb_acl.example.id
    }
  }
}