Skip to main content

💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers

ID: /frameworks/aws-fsbp-v1.0.0/elb/04

Description

By default, Application Load Balancers are not configured to drop invalid HTTP header values. Removing these header values prevents HTTP desync attacks.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-4
Internal
- ID: dec-c-2a4d3f5a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			46		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			15		no data
💼 PCI DSS v4.0.1 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.			5		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS ELB Application Load Balancer is not configured to drop invalid HTTP headers🟢	1	🟢 x6	no data

Description
Similar
Similar Sections (Give Policies To)
Sub Sections
Policies (1)