
💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers

  • Contextual name: 💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers

  • ID: /frameworks/aws-fsbp-v1.0.0/elb/04

  • Located in: 💼 Elastic Load Balancing (ELB)

Description

By default, Application Load Balancers are not configured to drop invalid HTTP header values. Removing these header values prevents HTTP desync attacks.

Similar

Similar Sections (Give Policies To)

Section  Sub Sections  Internal Rules  Policies  Flags
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services  17
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling  2
💼 PCI DSS v4.0.1 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

Sub Sections

Section  Sub Sections  Internal Rules  Policies  Flags