Nifcloud ELB Listener Use HTTP Protocol
- Query id: afcb0771-4f94-44ed-ad4a-9f73f11ce6e0
- Query name: Nifcloud ELB Listener Use HTTP Protocol
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
The elb listener use http protocol
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "nifcloud_elb_listener" "positive" {
elb_id = nifcloud_elb.positive.id
instance_port = 80
protocol = "HTTP"
lb_port = 80
}
resource "nifcloud_elb" "positive" {
availability_zone = "east-11"
instance_port = 8080
protocol = "HTTP"
lb_port = 8080
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
}
Positive test num. 2 - tf file
resource "nifcloud_elb_listener" "positive" {
elb_id = nifcloud_elb.positive.id
instance_port = 80
protocol = "HTTP"
lb_port = 80
}
resource "nifcloud_elb" "positive" {
availability_zone = "east-11"
instance_port = 8080
protocol = "HTTP"
lb_port = 8080
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
network_interface {
network_id = "net-COMMON_PRIVATE"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "nifcloud_elb_listener" "negative" {
elb_id = nifcloud_elb.negative.id
instance_port = 1443
protocol = "HTTPS"
lb_port = 1443
}
resource "nifcloud_elb" "negative" {
availability_zone = "east-11"
instance_port = 443
protocol = "HTTPS"
lb_port = 443
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
}