Nifcloud ELB Listener Use HTTP Protocol

  • Query id: afcb0771-4f94-44ed-ad4a-9f73f11ce6e0
  • Query name: Nifcloud ELB Listener Use HTTP Protocol
  • Platform: Terraform
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

The elb listener use http protocol
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "nifcloud_elb_listener" "positive" {
  elb_id        = nifcloud_elb.positive.id
  instance_port = 80
  protocol      = "HTTP"
  lb_port       = 80
}

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 8080
  protocol          = "HTTP"
  lb_port           = 8080

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}
Positive test num. 2 - tf file
resource "nifcloud_elb_listener" "positive" {
  elb_id        = nifcloud_elb.positive.id
  instance_port = 80
  protocol      = "HTTP"
  lb_port       = 80
}

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 8080
  protocol          = "HTTP"
  lb_port           = 8080

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }

  network_interface {
    network_id     = "net-COMMON_PRIVATE"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "nifcloud_elb_listener" "negative" {
  elb_id        = nifcloud_elb.negative.id
  instance_port = 1443
  protocol      = "HTTPS"
  lb_port       = 1443
}

resource "nifcloud_elb" "negative" {
  availability_zone = "east-11"
  instance_port     = 443
  protocol          = "HTTPS"
  lb_port           = 443

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}