This rule focuses on ensuring ELB application load balancers drop HTTP headers to enhance security.
| Rule | ELB application load balancers should drop HTTP headers |
|---|---|
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ High |
Description:
ELB application load balancers distribute incoming traffic across multiple resources, such as web servers, to maintain performance and availability. To comply with the NIST Cybersecurity Framework (CSF) v1, they must also be configured to drop certain HTTP headers before forwarding requests, so that those headers never reach the backend and the security risk they carry is minimized.
Policy/Rules:
The policy requires ELB application load balancers to drop specific HTTP headers that might expose sensitive information or introduce vulnerabilities. These headers should not be forwarded to the backend resources.
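As an added example that is not part of this rule page, the check below evaluates load balancer attributes offline. It assumes the ALB attribute `routing.http.drop_invalid_header_fields.enabled` is the setting this rule targets and that its input has the shape of `describe-load-balancer-attributes` output; the load balancer ARNs and attribute lists are constructed sample data.

```python
"""Offline compliance check for 'ELB application load balancers should
drop HTTP headers'. Assumes the AWS ALB attribute
routing.http.drop_invalid_header_fields.enabled (not named on the page)
and the Key/Value list returned by describe-load-balancer-attributes."""
from typing import Dict, Iterable, List

DROP_HEADERS_KEY = "routing.http.drop_invalid_header_fields.enabled"

# Constructed sample: three load balancers with placeholder ARNs and the
# attribute lists the API would return for them.
SAMPLE_LOAD_BALANCERS: Dict[str, List[dict]] = {
    "arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/web-alb/PLACEHOLDER1": [
        {"Key": DROP_HEADERS_KEY, "Value": "true"},
        {"Key": "idle_timeout.timeout_seconds", "Value": "60"},
    ],
    "arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/legacy-alb/PLACEHOLDER2": [
        {"Key": DROP_HEADERS_KEY, "Value": "false"},
    ],
    # Attribute absent entirely: AWS defaults it to false, so still non-compliant.
    "arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/new-alb/PLACEHOLDER3": [
        {"Key": "idle_timeout.timeout_seconds", "Value": "60"},
    ],
}


def drops_http_headers(attributes: Iterable[dict]) -> bool:
    """True only when the drop attribute is present and set to 'true'.
    A missing attribute counts as non-compliant rather than unknown."""
    for attr in attributes:
        if attr.get("Key") == DROP_HEADERS_KEY:
            return str(attr.get("Value", "")).strip().lower() == "true"
    return False


def evaluate(load_balancers: Dict[str, List[dict]]) -> Dict[str, str]:
    """Map each load balancer ARN to 'ok' or 'alarm'."""
    return {arn: ("ok" if drops_http_headers(attrs) else "alarm")
            for arn, attrs in load_balancers.items()}


def remediation_request(arn: str) -> dict:
    """Arguments for elbv2 modify_load_balancer_attributes that would bring
    a non-compliant load balancer into line (built here, not sent)."""
    return {"LoadBalancerArn": arn,
            "Attributes": [{"Key": DROP_HEADERS_KEY, "Value": "true"}]}


if __name__ == "__main__":
    for arn, status in evaluate(SAMPLE_LOAD_BALANCERS).items():
        print(f"{status:5s} {arn}")
```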
Troubleshooting Steps (if any):
If there are any issues, follow the troubleshooting steps mentioned below:
Necessary Codes (if any):
There are no specific codes for this rule. The rule requires the appropriate configuration for the ELB application load balancer.
Remediation Steps:
To comply with the policy of dropping HTTP headers as per the NIST Cybersecurity Framework (CSF) v1, follow these steps:
CLI Commands (if required):
There are no specific CLI commands required for this policy. The remediation steps can be performed easily through the AWS Management Console.