ELB.4
Application load balancer should be configured to drop http headers
Severity: MEDIUM
Cloud Platforms: AWS
Resources: Elastic Load Balancing
Related Standards: AWS Foundational Best Practice, NIST.800-53.r5,
Automated:
This control evaluates AWS Application Load Balancers (ALBs) to ensure they are configured to drop invalid HTTP headers. By default, ALBs are not configured to drop invalid HTTP header values. The control evaluates all ALBs and fails if the attribute value of routing.http.drop_invalid_header_fields.enabled is set to false.
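One way to run the same check against your own account, as an added example that is not part of the original page or of the product's implementation. The function names, the status strings, the treatment of a missing attribute as a failure and the sample ARNs are assumptions; the live scan and the fix assume boto3 and AWS credentials.

```python
ATTR = "routing.http.drop_invalid_header_fields.enabled"

def evaluate_alb(load_balancer, attributes):
    """Evaluate one load balancer against ELB.4.

    load_balancer: one item of DescribeLoadBalancers["LoadBalancers"]
    attributes:    DescribeLoadBalancerAttributes["Attributes"]
    """
    if load_balancer.get("Type") != "application":
        return "NOT_APPLICABLE"  # the control covers ALBs only
    values = {a["Key"]: a["Value"] for a in attributes}
    # The API returns strings. Assumption: an absent attribute is treated
    # as the default, which does not drop invalid header fields.
    enabled = values.get(ATTR, "false").strip().lower() == "true"
    return "PASSED" if enabled else "FAILED"

def scan(region_name=None):
    """Live scan: map each load balancer ARN to its ELB.4 status."""
    import boto3  # imported here so the offline evaluation needs no SDK
    elbv2 = boto3.client("elbv2", region_name=region_name)
    findings = {}
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            arn = lb["LoadBalancerArn"]
            attrs = elbv2.describe_load_balancer_attributes(
                LoadBalancerArn=arn)["Attributes"]
            findings[arn] = evaluate_alb(lb, attrs)
    return findings

def remediate(arn, region_name=None):
    """Turn the attribute on for one ALB that failed the check."""
    import boto3
    boto3.client("elbv2", region_name=region_name).modify_load_balancer_attributes(
        LoadBalancerArn=arn, Attributes=[{"Key": ATTR, "Value": "true"}])

# Constructed sample inventory (placeholder ARNs, not real resources).
SAMPLE = [
    ({"LoadBalancerArn": "arn:example:alb-good", "Type": "application"},
     [{"Key": ATTR, "Value": "true"}]),
    ({"LoadBalancerArn": "arn:example:alb-default", "Type": "application"},
     [{"Key": ATTR, "Value": "false"}]),
    ({"LoadBalancerArn": "arn:example:nlb", "Type": "network"}, []),
]

def evaluate_sample():
    return {lb["LoadBalancerArn"]: evaluate_alb(lb, attrs) for lb, attrs in SAMPLE}

if __name__ == "__main__":
    for arn, status in evaluate_sample().items():
        print(f"{status:15} {arn}")
```

Test an application's handling of non-conforming header names before calling `remediate`, since the ALB will stop forwarding them once the attribute is true.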