Medium ELB Regional

Application Load Balancer should be configured with defensive or strictest desync mitigation mode

NIST

Description

This check ensures that Application Load Balancers are configured with either defensive or strictest desync mitigation mode to protect against HTTP desync attacks.


Remediation

To configure desync mitigation mode for Application Load Balancers, follow these steps:

Steps

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Select the Application Load Balancer.
  4. Choose the Description tab, and find the Attributes section.
  5. If 'routing.http.desync_mitigation_mode' is not set to 'defensive' or 'strictest', choose Edit attributes.
  6. Set 'routing.http.desync_mitigation_mode' to 'defensive' or 'strictest'.
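
The same check can be run across an inventory instead of one console page at a time. The following is an added example, not part of the original check: it evaluates data shaped like the elbv2 describe_load_balancers and describe_load_balancer_attributes responses and builds the arguments for modify_load_balancer_attributes. The sample inventory, ARNs and function names are constructed for illustration.

```python
ATTRIBUTE = "routing.http.desync_mitigation_mode"
COMPLIANT_MODES = {"defensive", "strictest"}

def evaluate(load_balancer, attributes):
    """Return (status, detail) for one load balancer.

    load_balancer: one entry of describe_load_balancers()["LoadBalancers"]
    attributes:    describe_load_balancer_attributes()["Attributes"]
    """
    if load_balancer.get("Type") != "application":
        return "SKIP", "not an Application Load Balancer"
    mode = next((a["Value"] for a in attributes if a["Key"] == ATTRIBUTE), None)
    if mode is None:
        # Assumption of this example: an unreadable attribute is a finding,
        # not something to treat as compliant.
        return "FAIL", f"{ATTRIBUTE} missing from response"
    status = "PASS" if mode in COMPLIANT_MODES else "FAIL"
    return status, f"{ATTRIBUTE} = {mode}"

def remediation_request(load_balancer, mode="defensive"):
    """Build keyword arguments for elbv2 modify_load_balancer_attributes()."""
    if mode not in COMPLIANT_MODES:
        raise ValueError(f"{mode!r} does not satisfy this check")
    return {"LoadBalancerArn": load_balancer["LoadBalancerArn"],
            "Attributes": [{"Key": ATTRIBUTE, "Value": mode}]}

def scan(inventory):
    """Evaluate (load_balancer, attributes) pairs; attach a fix to each FAIL."""
    findings = []
    for lb, attrs in inventory:
        status, detail = evaluate(lb, attrs)
        fix = remediation_request(lb) if status == "FAIL" else None
        findings.append({"arn": lb["LoadBalancerArn"], "status": status,
                         "detail": detail, "fix": fix})
    return findings

# Constructed sample inventory; the ARNs are placeholders, not real resources.
ARN_PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE = [
    ({"LoadBalancerArn": ARN_PREFIX + "app/example-a/1", "Type": "application"},
     [{"Key": ATTRIBUTE, "Value": "monitor"}]),
    ({"LoadBalancerArn": ARN_PREFIX + "app/example-b/2", "Type": "application"},
     [{"Key": ATTRIBUTE, "Value": "strictest"}]),
    ({"LoadBalancerArn": ARN_PREFIX + "net/example-c/3", "Type": "network"}, []),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding["status"], finding["arn"], finding["detail"])
```

Each "fix" dictionary can be passed as keyword arguments to a boto3 elbv2 client's modify_load_balancer_attributes call once the change has been reviewed.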

Compliance

NIST