Medium
ELB
Regional
Application Load Balancer should be configured to drop invalid HTTP headers
NIST
Description
This check ensures that Application Load Balancers are configured to drop invalid HTTP headers. Dropping invalid headers can protect against potential header injection attacks and reduce the risk of malformed HTTP requests causing unexpected behavior.
Remediation
To remediate this issue, configure your load balancer to drop invalid header fields.
Steps
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose Load balancers.
- Choose the Application Load Balancer.
- From Actions, choose Edit attributes.
- Under Drop Invalid Header Fields, choose Enable.
- Choose Save.
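The same check and fix expressed against the ELBv2 API, as an added example that is not part of the original check. It audits the `routing.http.drop_invalid_header_fields.enabled` attribute, builds the ModifyLoadBalancerAttributes request for each non-compliant ALB, and models which header names the setting removes. The ARNs, header values and function names are constructed for illustration, and the name pattern is the one AWS documents for valid header fields.

```python
import re

# Attribute key the ALB exposes for this setting (values are the strings "true"/"false").
DROP_KEY = "routing.http.drop_invalid_header_fields.enabled"
# AWS documents valid header names as matching [-A-Za-z0-9]+; anything else is invalid.
VALID_NAME = re.compile(r"[-A-Za-z0-9]+")


def is_compliant(attributes):
    """attributes: the 'Attributes' list from DescribeLoadBalancerAttributes."""
    values = {a["Key"]: a["Value"] for a in attributes}
    # A missing key is treated as disabled (the attribute defaults to false).
    return values.get(DROP_KEY, "false").lower() == "true"


def remediation_request(arn):
    """Keyword arguments for elbv2 ModifyLoadBalancerAttributes (boto3 naming)."""
    return {"LoadBalancerArn": arn,
            "Attributes": [{"Key": DROP_KEY, "Value": "true"}]}


def audit(load_balancers, attributes_by_arn):
    """Return a remediation request for every non-compliant Application Load Balancer."""
    fixes = []
    for lb in load_balancers:
        if lb["Type"] != "application":  # the attribute exists only on ALBs
            continue
        arn = lb["LoadBalancerArn"]
        if not is_compliant(attributes_by_arn.get(arn, [])):
            fixes.append(remediation_request(arn))
    return fixes


def forwarded_headers(headers, drop_invalid):
    """Model which request headers reach the target with the setting on or off."""
    if not drop_invalid:
        return dict(headers)
    return {k: v for k, v in headers.items() if VALID_NAME.fullmatch(k)}


# Constructed sample data (placeholder ARNs, not real resources).
SAMPLE_LBS = [
    {"LoadBalancerArn": "arn:example:alb-a", "Type": "application"},
    {"LoadBalancerArn": "arn:example:alb-b", "Type": "application"},
    {"LoadBalancerArn": "arn:example:nlb-c", "Type": "network"},
]
SAMPLE_ATTRS = {"arn:example:alb-a": [{"Key": DROP_KEY, "Value": "true"}],
                "arn:example:alb-b": [{"Key": DROP_KEY, "Value": "false"}]}
SAMPLE_HEADERS = {"Host": "app.example", "X-Request-Id": "1", "Bad_Name": "x"}
```

Each dictionary returned by `audit` can be passed as keyword arguments to the boto3 `elbv2` client's `modify_load_balancer_attributes` call.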
Compliance
NIST