Rule: ELB Application Load Balancers Should Drop HTTP Headers

This rule ensures that ELB application load balancers drop HTTP headers for security compliance.

Rule: ELB application load balancers should drop HTTP headers
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description

According to the NIST 800-53 Revision 4 compliance standard, ELB (Elastic Load Balancer) application load balancers should drop specific HTTP headers to ensure information security and prevent potential vulnerabilities.

Troubleshooting Steps

  1. Verify the target headers: Identify the specific HTTP headers that need to be dropped according to the NIST 800-53 Revision 4 compliance standard. Refer to the NIST guidelines for the specific headers that should be dropped.
  2. Check ELB configuration: Ensure that you have permission to modify the configuration of the ELB load balancer.
  3. Verify ELB protocols: Make sure that the ELB is operating on the desired protocols, such as HTTP or HTTPS.
  4. Determine the listener rules: Identify the listener rules associated with the ELB. These rules will need to be modified to drop the specified headers.

Necessary Codes

The following AWS CLI command enables the load balancer attribute that makes an application load balancer drop HTTP headers that are not valid (the attribute is `routing.http.drop_invalid_header_fields.enabled`; a deletion-protection attribute, as sometimes shown by mistake, does not affect header handling):

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=routing.http.drop_invalid_header_fields.enabled,Value=true

Step-by-Step Guide for Remediation

Please follow the steps below to remediate the ELB application load balancer according to the NIST 800-53 Revision 4 compliance requirements:

  1. Identify the specific HTTP headers that should be dropped according to the NIST 800-53 Revision 4 compliance standard.
  2. Log in to the AWS Management Console.
  3. Navigate to the EC2 Dashboard.
  4. Click on "Load Balancers" in the left-hand menu.
  5. Select the ELB application load balancer that needs to be modified.
  6. Make a note of the Load Balancer ARN associated with the ELB.
  7. Open a terminal with the AWS CLI installed and configured.
  8. Use the following command to enable dropping of invalid headers:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=routing.http.drop_invalid_header_fields.enabled,Value=true

Replace <load_balancer_arn> with the actual Load Balancer ARN obtained in step 6.

  9. Wait for the command to execute successfully and confirm that the attribute is now set to true (for example, with `aws elbv2 describe-load-balancer-attributes --load-balancer-arn <load_balancer_arn>`).

Note: It is advisable to test the changes in a staging or testing environment before implementing them in a production environment.

By following the above steps, you will be able to drop specific HTTP headers for your ELB application load balancer, ensuring compliance with the NIST 800-53 Revision 4 standard.
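The check-then-remediate flow above can be scripted so that every load balancer is audited the same way before anyone changes it. The following POSIX shell script is an added example, not Cloud Defense's or AWS's own tooling. It parses the JSON that `aws elbv2 describe-load-balancer-attributes` returns, reports whether `routing.http.drop_invalid_header_fields.enabled` is `true`, and prints (rather than runs) the remediation command. The `SAMPLE_ATTRS` document is a constructed sample in the shape of that CLI output so the logic can be exercised offline; `audit_alb` is the live path, assumed to run with AWS credentials that allow `elasticloadbalancing:DescribeLoadBalancerAttributes`.

```shell
#!/bin/sh
# Constructed sample of `aws elbv2 describe-load-balancer-attributes` output for an
# ALB that has NOT yet been remediated (the drop-invalid-headers attribute is false).
SAMPLE_ATTRS='{
  "Attributes": [
    {"Key": "deletion_protection.enabled", "Value": "false"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "false"},
    {"Key": "idle_timeout.timeout_seconds", "Value": "60"}
  ]
}'

DROP_ATTR=routing.http.drop_invalid_header_fields.enabled

# alb_attr_value JSON KEY: print the Value string for KEY, or nothing if absent.
# Whitespace is stripped first so the JSON can be matched as one line; ALB
# attribute keys and values never contain spaces, so nothing meaningful is lost.
alb_attr_value() {
  printf '%s' "$1" | tr -d '\n ' \
    | sed -n "s/.*\"Key\":\"$2\",\"Value\":\"\([^\"]*\)\".*/\1/p"
}

# alb_drops_invalid_headers JSON: exit 0 when the ALB drops invalid header
# fields (compliant), 1 otherwise (attribute false or missing).
alb_drops_invalid_headers() {
  v=$(alb_attr_value "$1" "$DROP_ATTR")
  [ "$v" = "true" ]
}

# remediation_command ARN: print the exact CLI call that enables the attribute.
# Printing instead of executing keeps the audit read-only; an operator reviews
# the output and runs it deliberately (ideally in staging first).
remediation_command() {
  printf 'aws elbv2 modify-load-balancer-attributes --load-balancer-arn %s --attributes Key=%s,Value=true\n' \
    "$1" "$DROP_ATTR"
}

# audit_alb ARN: live path. Fetches the real attributes and reports.
audit_alb() {
  attrs=$(aws elbv2 describe-load-balancer-attributes --load-balancer-arn "$1" --output json) || return 2
  if alb_drops_invalid_headers "$attrs"; then
    printf 'COMPLIANT     %s\n' "$1"
  else
    printf 'NON-COMPLIANT %s\n' "$1"
    remediation_command "$1"
  fi
}

# Offline demonstration against the constructed sample (placeholder ARN).
if alb_drops_invalid_headers "$SAMPLE_ATTRS"; then
  echo "sample ALB: compliant"
else
  echo "sample ALB: non-compliant, remediate with:"
  remediation_command "arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/EXAMPLE/PLACEHOLDER"
fi
```

To audit a real account, loop over the ARNs from `aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`].LoadBalancerArn' --output text` and call `audit_alb` on each; the script never modifies anything itself.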
