ALB does not drop HTTP headers

Description

This policy ensures that Application Load Balancers (ALBs) are configured to drop HTTP headers that do not conform to RFC specifications. This improves security by preventing header injection attacks and other potential misuse of faulty headers.

Code Example

resource "aws_alb" "test_success" {
    name               = "test-lb-tf"
    internal           = false
                    load_balancer_type = "network"
                    subnets            = aws_subnet.public.*.id
 +                  drop_invalid_header_fields = true
}

Remediation

Terraform

Resource: aws_alb
Arguments: drop_invalid_header_fields

Rule Details

Field	Value
ID	IAC-0182
Severity	MEDIUM
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_131

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

ALB does not drop HTTP headers

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

ALB does not drop HTTP headers ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

ALB does not drop HTTP headers

Description

Code Example

Remediation

Rule Details

References