💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers
- ID: /frameworks/aws-fsbp-v1.0.0/elb/04
Description
By default, Application Load Balancers are not configured to drop invalid HTTP header values. Removing these header values prevents HTTP desync attacks.
Similar
- AWS Security Hub
- Internal
- ID: dec-c-2a4d3f5a
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection \| External Telecommunications Services | 28 | no data | | | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity \| Pre- and Post-transmission Handling | 7 | no data | | | |
| 💼 PCI DSS v4.0.1 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software. | 1 | no data | | | |