Skip to main content

💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers

Contextual name: 💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers
ID: /frameworks/aws-fsbp-v1.0.0/elb/04
Located in: 💼 Elastic Load Balancing (ELB)

Description

By default, Application Load Balancers are not configured to drop invalid HTTP header values. Removing these header values prevents HTTP desync attacks.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-4
Internal
- ID: dec-c-2a4d3f5a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			28
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			7
💼 PCI DSS v4.0.1 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description
Similar
Similar Sections (Give Policies To)
Sub Sections