
Rule: ELB Application Load Balancers Should Drop HTTP Headers

This rule specifies that ELB application load balancers must be configured to drop HTTP headers to enhance security.

Rule: ELB application load balancers should drop HTTP headers
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

ELB application load balancers should drop certain HTTP headers to comply with NIST 800-171 Revision 2.

Description:

NIST 800-171 Revision 2 is a set of guidelines and requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems. As part of the compliance, ELB application load balancers must be configured to drop specific HTTP headers to ensure the security and protection of sensitive information.

Remediation Steps:

To comply with NIST 800-171 Revision 2, follow the steps below to configure the ELB application load balancer to drop the required HTTP headers:

  1. Identify the ELB application load balancer: Determine the specific load balancer you want to modify.
  2. Access the AWS Management Console: Open the AWS Management Console website and sign in to your AWS account.
  3. Navigate to the EC2 Dashboard: Find and select the "EC2" service from the list of available services.
  4. Locate the Load Balancers: In the EC2 Dashboard, click on the "Load Balancers" option from the sidebar navigation.
  5. Select the Load Balancer: Locate the target ELB application load balancer from the list and click on its name to open its details page.
  6. Configure Listener: In the load balancer's details page, go to the "Listeners" tab.
  7. Edit Listener: Select the HTTPS listener where you want to drop the HTTP headers and click on the "Edit" button.
  8. Drop HTTP Headers: In the "Edit Listener" dialog box, scroll down to the "Default action" section, and expand the "Advanced" options.
  9. Modify Action: Under the "Action" settings, select "Fixed-response" from the drop-down menu.
  10. Configure Fixed-response Action: In the "Fixed-response action" section, enter the following details:
     • "HTTP Headers to Remove": Enter the HTTP headers you want to drop according to the NIST 800-171 Revision 2 requirements.
     • "HTTP Response Code": Set an appropriate response code for rejected requests (e.g., 403 - Forbidden).
  11. Save Changes: Click on the "Save" button to apply the configuration changes to the ELB application load balancer.
  12. Verify Configuration: Test the load balancer with a sample request containing the headers you configured to drop. Verify that the load balancer is correctly dropping the specified headers.

Troubleshooting Steps:

In case you face any issues during the configuration process, consider the following troubleshooting steps:

  • Ensure proper access: Make sure you have the necessary permissions to modify the ELB application load balancer.
  • Double-check header names: Confirm that you are specifying the correct HTTP header names that need to be dropped according to the NIST 800-171 Revision 2 guidelines.
  • Review error messages: If you encounter any error messages or warnings during the configuration, carefully read and understand the provided details to identify potential issues.
  • Verify listener settings: Double-check that you are modifying the correct listener and applying the changes to the desired HTTPS listener.
  • For further assistance, consult AWS documentation or contact AWS support.

Example Configuration code:

Below is an example AWS CLI command that enables the load balancer attribute which makes an application load balancer drop invalid HTTP header fields (the setting this rule checks). The original fixed-response listener action does not remove headers; it replaces the default routing action with a static response, so the attribute form is used here instead:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=routing.http.drop_invalid_header_fields.enabled,Value=true

Replace <load_balancer_arn> with the actual ARN of the application load balancer you want to modify. Adjust the command parameters according to your specific requirements.

Please note that this is just an example code snippet, and the actual command may vary based on your AWS CLI configuration and load balancer setup. Refer to AWS documentation for a detailed explanation of the command syntax and available options.

Remember to always test your configurations and consult official AWS documentation for the most accurate and up-to-date information.
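The following is an added audit example, not part of the original page or of any AWS tooling. It evaluates load balancer records shaped like the CLI/boto3 output of describe-load-balancers joined with describe-load-balancer-attributes, reports PASS/FAIL for each application load balancer on the routing.http.drop_invalid_header_fields.enabled attribute (treating a missing key as disabled, which is the AWS default), and builds the remediation command for each failing one; the ARNs and attribute values are constructed sample data.

```python
"""Audit ALB records for the header-dropping attribute this rule checks.
Records mirror describe-load-balancers (LoadBalancerArn, Type) joined with
describe-load-balancer-attributes (list of {"Key", "Value"} entries)."""

# Real ALB attribute key; the rule passes only when its value is "true".
DROP_INVALID_HEADERS = "routing.http.drop_invalid_header_fields.enabled"

ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE_LOAD_BALANCERS = [  # constructed sample input, not real account data
    {"LoadBalancerArn": ARN + "app/web/abc", "Type": "application",
     "Attributes": [{"Key": DROP_INVALID_HEADERS, "Value": "true"}]},
    {"LoadBalancerArn": ARN + "app/api/def", "Type": "application",
     "Attributes": [{"Key": DROP_INVALID_HEADERS, "Value": "false"}]},
    {"LoadBalancerArn": ARN + "app/old/ghi", "Type": "application",
     "Attributes": []},  # attribute absent: AWS default is "false"
    {"LoadBalancerArn": ARN + "net/tcp/jkl", "Type": "network",
     "Attributes": []},
]

def evaluate(lb):
    """Return (arn, status); status is PASS, FAIL or NOT_APPLICABLE."""
    arn = lb["LoadBalancerArn"]
    if lb.get("Type") != "application":
        return arn, "NOT_APPLICABLE"  # NLB/GWLB do not parse HTTP headers
    attrs = {a["Key"]: a["Value"] for a in lb.get("Attributes", [])}
    # A missing key is treated as disabled, matching the AWS default.
    enabled = attrs.get(DROP_INVALID_HEADERS, "false").strip().lower() == "true"
    return arn, "PASS" if enabled else "FAIL"

def remediation_command(arn):
    """AWS CLI argv that enables the attribute on a failing ALB."""
    return ["aws", "elbv2", "modify-load-balancer-attributes",
            "--load-balancer-arn", arn,
            "--attributes", f"Key={DROP_INVALID_HEADERS},Value=true"]

def audit(load_balancers):
    """Evaluate every record; return {arn: status}."""
    return dict(evaluate(lb) for lb in load_balancers)

if __name__ == "__main__":
    for arn, status in audit(SAMPLE_LOAD_BALANCERS).items():
        print(f"{status:15} {arn}")
        if status == "FAIL":
            print("   fix:", " ".join(remediation_command(arn)))
```

To run it against a real account, build the record list from the two describe calls and feed it to audit(); the remediation command is emitted as an argv list so it can be passed to subprocess without shell quoting problems.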
