
ELB.4

Application Load Balancer should be configured to drop HTTP headers

Severity: MEDIUM

Cloud Platforms: AWS

Resources: Elastic Load Balancing

Related Standards: AWS Foundational Best Practice, NIST.800-53.r5

Automated

This control evaluates AWS Application Load Balancers (ALBs) to ensure they are configured to drop invalid HTTP headers. By default, ALBs are not configured to drop invalid HTTP header values. The control evaluates all ALBs and fails if the attribute routing.http.drop_invalid_header_fields.enabled is set to false.
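The check described above can be reproduced offline against exported load balancer attributes. The following is an added example, not code from 6pillars or AWS. It assumes input shaped like the elbv2 DescribeLoadBalancers and DescribeLoadBalancerAttributes responses; the sample ARNs, function names and inventory are constructed, and a missing attribute is treated as the default described above.

```python
# Added example: evaluate the ELB.4 condition over exported attributes.
ATTR = "routing.http.drop_invalid_header_fields.enabled"


def evaluate(lb, attributes):
    """Return 'PASS', 'FAIL' or 'NOT_APPLICABLE' for one load balancer."""
    if lb.get("Type") != "application":
        return "NOT_APPLICABLE"  # the control only covers ALBs
    values = {a["Key"]: a["Value"] for a in attributes}
    # Attribute values arrive as strings. Assumption: a missing key means the
    # default applies, i.e. invalid header fields are not dropped.
    enabled = str(values.get(ATTR, "false")).strip().lower() == "true"
    return "PASS" if enabled else "FAIL"


def failing_arns(inventory):
    """Return the sorted ARNs of every load balancer that fails the control."""
    return sorted(arn for arn, (lb, attrs) in inventory.items()
                  if evaluate(lb, attrs) == "FAIL")


def remediate(client, arn):
    """Enable the attribute through a boto3 'elbv2' client (not called here)."""
    client.modify_load_balancer_attributes(
        LoadBalancerArn=arn,
        Attributes=[{"Key": ATTR, "Value": "true"}],
    )


# Constructed sample inventory: ARN -> (load balancer description, attributes).
PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE = {
    PREFIX + "app/example-a/0000000000000001":
        ({"Type": "application"}, [{"Key": ATTR, "Value": "true"}]),
    PREFIX + "app/example-b/0000000000000002":
        ({"Type": "application"}, [{"Key": ATTR, "Value": "false"}]),
    PREFIX + "app/example-c/0000000000000003":
        ({"Type": "application"}, [{"Key": "deletion_protection.enabled",
                                    "Value": "true"}]),  # attribute absent
    PREFIX + "net/example-d/0000000000000004":
        ({"Type": "network"}, []),
}

if __name__ == "__main__":
    for arn in failing_arns(SAMPLE):
        print("FAIL", arn)
```
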


(C) Copyright 2023 6PILLARS CLOUD AUTOMATION PTY LTD
