
Rule: ELB Application Load Balancers Should Drop HTTP Headers

This rule requires Application Load Balancers to drop HTTP header fields with invalid names (the load balancer attribute routing.http.drop_invalid_header_fields.enabled), a setting that keeps malformed headers used in HTTP request-smuggling (desync) attacks from reaching the targets behind the load balancer.

Rule: ELB application load balancers should drop HTTP headers
Framework: FedRAMP Low Revision 4
Severity: High

Rule Description:

The rule "ELB application load balancers should drop HTTP headers" (FedRAMP Low Revision 4) checks that every Application Load Balancer in the AWS account has the load balancer attribute routing.http.drop_invalid_header_fields.enabled set to true; it corresponds to the AWS Config managed rule alb-http-drop-invalid-header-enabled. The rule name is easy to misread: the load balancer does not drop a configurable list of headers. With the attribute enabled, the load balancer removes HTTP header fields whose names do not conform to RFC 7230 (AWS accepts names made of alphanumeric characters and hyphens) before forwarding the request to its targets; with it disabled, which is the default for a new load balancer, such header fields are passed through unchanged. Malformed header fields are a common ingredient of HTTP request-smuggling (desync) attacks, which exploit differences between how the load balancer and the backend parse the same request, so stripping them at the edge removes a class of input the targets should never see. The rule is evaluated per load balancer and applies only to the application type; Classic, Network and Gateway Load Balancers have no such attribute and are out of scope.

Troubleshooting Steps:

  1. Validate the load balancer type: confirm that the resource flagged by the rule is an Application Load Balancer (Type = application). Classic, Network and Gateway Load Balancers are outside the scope of this rule.

    • Use the AWS Management Console or the AWS CLI (aws elbv2 describe-load-balancers) to verify the type and the associated listeners and target groups.

  2. Check the attribute: the setting is a load balancer attribute, not a listener or listener-rule setting.

    • In the console, open the load balancer's "Attributes" tab and look at "Drop invalid header fields".
    • From the CLI, read routing.http.drop_invalid_header_fields.enabled with aws elbv2 describe-load-balancer-attributes. A value of false (the default for a new load balancer) is what makes the rule fail.

  3. Review logging and monitoring: after enabling the attribute, watch the ALB access logs and CloudWatch metrics for target errors. The load balancer drops offending header fields silently rather than rejecting the request, so an application that depended on a header with a non-conforming name would simply stop receiving it.

Necessary Codes:

The setting is a single load balancer attribute, routing.http.drop_invalid_header_fields.enabled, which must read true. It can be changed from the AWS Management Console or with the AWS CLI (aws elbv2 modify-load-balancer-attributes); no code changes on the targets are required.

Remediation Steps:

Note: Ensure you have the required permissions to perform the following actions, in particular elasticloadbalancing:DescribeLoadBalancerAttributes and elasticloadbalancing:ModifyLoadBalancerAttributes on the affected load balancers.

  1. Open the AWS Management Console and navigate to the EC2 service.

  2. In the EC2 Dashboard, click "Load Balancers" in the left navigation menu.

  3. Select the Application Load Balancer that needs to be configured.

  4. Open the "Attributes" tab and click "Edit". The setting is a load balancer attribute; it is not found under "Listeners" or in the listener rules.

  5. Enable "Drop invalid header fields" and save the changes. This sets routing.http.drop_invalid_header_fields.enabled to true for the whole load balancer, covering all of its listeners.

  6. Validate the updated configuration: confirm that the attribute now reads true (in the "Attributes" tab or with aws elbv2 describe-load-balancer-attributes). For an end-to-end check, send a request carrying a header whose name does not conform to RFC 7230 to a target that echoes its request headers and confirm that the header is absent from what the target received.

  7. Repeat these steps for any other Application Load Balancer in the account and region.
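The attribute check from the troubleshooting section and the remediation above, combined in one AWS CLI script that reports every Application Load Balancer in the current region and, only when asked, turns the attribute on. This is an added example and is not code from the Cloud Defense page or from AWS; it assumes AWS CLI v2 on the PATH with credentials allowed to describe load balancers and their attributes and to modify attributes. The function names, the --fix flag and the report format are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not from the Cloud Defense page or from AWS): audit every
# Application Load Balancer for routing.http.drop_invalid_header_fields.enabled
# and, when run with --fix, enable it. Assumes AWS CLI v2 and credentials with
# elasticloadbalancing:DescribeLoadBalancers, DescribeLoadBalancerAttributes
# and ModifyLoadBalancerAttributes. Nothing is modified unless --fix is given.
set -eu

ATTR='routing.http.drop_invalid_header_fields.enabled'

# Compliance decision on the attribute value the CLI returns. Only the literal
# string "true" passes; "false", and an empty value on a load balancer where the
# attribute was never reported, are treated as non-compliant, like the Config rule.
is_compliant() {
  [ "${1:-}" = "true" ]
}

# Read the attribute for one ALB ARN; --query does the JSON filtering so the
# output is just "true" or "false".
get_drop_invalid_headers() {
  aws elbv2 describe-load-balancer-attributes \
    --load-balancer-arn "$1" \
    --query "Attributes[?Key=='${ATTR}'].Value" \
    --output text
}

# Enable the attribute for one ALB ARN (idempotent) and print the new value.
enable_drop_invalid_headers() {
  aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn "$1" \
    --attributes "Key=${ATTR},Value=true" \
    --query "Attributes[?Key=='${ATTR}'].Value" \
    --output text
}

# One tab-separated report line per load balancer: name, verdict, attribute.
# Kept free of AWS calls so the verdict logic can be exercised offline.
report_line() {
  local name="$1" value="$2"
  if is_compliant "$value"; then
    printf '%s\tCOMPLIANT\t%s=%s\n' "$name" "$ATTR" "$value"
  else
    printf '%s\tNON_COMPLIANT\t%s=%s\n' "$name" "$ATTR" "${value:-unset}"
  fi
}

# Walk every load balancer of type "application" in the configured region.
# Classic, Network and Gateway Load Balancers are filtered out by the query,
# since they have no HTTP header attributes and are out of scope for the rule.
audit_region() {
  local fix="${1:-}" name arn value
  aws elbv2 describe-load-balancers \
    --query "LoadBalancers[?Type=='application'].[LoadBalancerName,LoadBalancerArn]" \
    --output text |
  while read -r name arn; do
    value="$(get_drop_invalid_headers "$arn")"
    report_line "$name" "$value"
    if [ "$fix" = "--fix" ] && ! is_compliant "$value"; then
      printf '%s\tREMEDIATED\t%s=%s\n' "$name" "$ATTR" \
        "$(enable_drop_invalid_headers "$arn")"
    fi
  done
}

# Run the audit only when an argument is given ("audit" or "--fix"), so the
# file can also be sourced for its functions without touching AWS.
if [ "$#" -gt 0 ]; then
  audit_region "$1"
fi
```

Run it as `sh alb_drop_invalid_headers.sh audit` to get the report only, and `sh alb_drop_invalid_headers.sh --fix` to also enable the attribute on every non-compliant load balancer; the REMEDIATED line shows the value read back from the modify call, which is the same confirmation step 6 asks for. Because the change applies to the whole load balancer rather than to one listener, remediation is a single API call per ALB.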

Note: Make sure to follow your organization's change management and testing processes before implementing any configuration changes in a production environment.

By following these steps, you can ensure that your ELB application load balancers drop HTTP header fields with invalid names and satisfy this FedRAMP Low Revision 4 control.
