Checks whether the Header actions are removed from the HTTP listeners of Application Load Balancer (ALB) instances. If so, the evaluation result is Compliant.
Scenarios
This rule helps remove unnecessary or sensitive headers to reduce the risk of exposing sensitive information, protect user privacy, simplify back-end processing, and prevent conflicts or duplicates. This rule can also help meet compliance requirements.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
Checks whether the Header actions are removed from the HTTP listeners of Application Load Balancer (ALB) instances. If so, the evaluation result is Compliant.
Rule details
Parameter | Description |
Rule Template Name | alb-http-drop-invalid-header-enabled |
Rule Template Identifier | |
Tag | ALB |
Automatic remediation | Not supported |
Invoke Type | Periodic: Every 24 hours |
Supported resource type | ALB instance (ACS::ALB::LoadBalancer) |
Input parameter | N/A |
Non-compliance remediation
Remove the Header actions from the HTTP listeners of ALB instances. For more information, see Manage forwarding rules for a listener.