The application load balancer is not set to drop invalid headers Affecting ELB service in AWS

Snyk CCSS

Network / Best Practices

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-00345
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Maliciously crafted headers may be accepted by the load balancer.

How to fix?

Set Properties.LoadBalancerAttributes.Key to routing.http.drop_invalid_header_fields.enabled and Properties.LoadBalancerAttributes.Value to true.

CloudFormation

Terraform

References

alb-http-drop-invalid-header-enabled.html