top of page

ELB.4

Application load balancer should be configured to drop http headers

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

Elastic Load Balancing

AWS Foundational Best Practice, NIST.800-53.r5,

This control evaluates AWS Application Load Balancers (ALB) to ensure they are configured to drop http headers. By default; ALBs are not configured to drop invalid http header values. This control evaluates all ALBs fails if the attribute value of routing.http.drop_invalid_header_fields.enabled is set to false.

bottom of page