Severity: HIGH
Source: Trivy
ID: AVD-AWS-0052

Load balancers should drop invalid headers

Passing unknown or invalid headers through to the target poses a potential risk of compromise. With drop_invalid_header_fields set to true, the load balancer removes any header field that does not conform to well-known, defined headers instead of forwarding it to the target.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Set drop_invalid_header_fields to true

# aws_alb is an alias of the aws_lb resource type
resource "aws_alb" "good_example" {
  name               = "good_alb"
  internal           = false
  load_balancer_type = "application"

  access_logs {
    bucket  = aws_s3_bucket.lb_logs.bucket
    prefix  = "test-lb"
    enabled = true
  }

  # Remove header fields that are not well-known, defined headers before
  # the request reaches the target (the provider default is false)
  drop_invalid_header_fields = true
}
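To verify the remediation across a whole plan rather than a single resource, the following added example (not part of the Trivy page or project) walks the JSON produced by `terraform show -json` and reports every aws_lb/aws_alb application load balancer whose drop_invalid_header_fields is absent (provider default false) or explicitly false. The sample plan is constructed for illustration; it assumes the attribute is only meaningful for load_balancer_type "application" and that "application" is the provider default when the type is omitted.

```python
import json
from typing import Iterator

# Constructed sample of `terraform show -json tfplan` output (not from the page).
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_alb.good_example", "type": "aws_alb",
             "values": {"load_balancer_type": "application",
                        "drop_invalid_header_fields": True}},
            {"address": "aws_lb.explicit_false", "type": "aws_lb",
             "values": {"load_balancer_type": "application",
                        "drop_invalid_header_fields": False}},
            {"address": "aws_lb.nlb", "type": "aws_lb",
             "values": {"load_balancer_type": "network"}},
        ],
        "child_modules": [{"address": "module.web", "resources": [
            {"address": "module.web.aws_lb.default", "type": "aws_lb",
             "values": {"load_balancer_type": "application"}},
        ]}],
    }},
})

LB_TYPES = {"aws_lb", "aws_alb"}  # aws_alb is an alias of aws_lb


def _walk(module: dict) -> Iterator[dict]:
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def find_lbs_passing_invalid_headers(plan_json: str) -> list[str]:
    """Return addresses of application load balancers that would forward
    invalid header fields: attribute missing (default false) or set to false."""
    plan = json.loads(plan_json)
    findings = []
    for res in _walk(plan["planned_values"]["root_module"]):
        if res.get("type") not in LB_TYPES:
            continue
        values = res.get("values", {})
        # Assumption: the attribute applies to application LBs only, and
        # "application" is the default when load_balancer_type is omitted.
        if values.get("load_balancer_type", "application") != "application":
            continue
        if values.get("drop_invalid_header_fields") is not True:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in find_lbs_passing_invalid_headers(SAMPLE_PLAN):
        print(f"AVD-AWS-0052 HIGH: {address} does not set drop_invalid_header_fields = true")
```

Run it against real output with `terraform show -json tfplan > plan.json` and pass the file contents to find_lbs_passing_invalid_headers.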