Open riverad03 opened 2 months ago
As far as I understand you want to change ALB attributes https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_LoadBalancerAttribute.html
The feature request should allow to define an annotation to set LB Attribute routing.http.drop_invalid_header_fields.enabled
.
Problem to Solve
Security Hub Issue ELB.4 can not be supported without the support of the drop_invalid_header_fields.enabled bool configuration Allowing for this change to ALB configurations of Kube clusters. This control evaluates AWS Application Load Balancers (ALB) to ensure they are configured to drop http headers. By default, ALBs are not configured to drop invalid http header values.
What is the goal of the topic? (optional)
configure an ALB to dropInvalidHttpHeaders when the annotation
zalando.org/aws-load-balancer-drop-headers
is configured totrue
.Impact
This will allow Security Hub Issue ELB.4 to be supported in Kubernetes Ingress and RouteGroups
Solution
What needs to be changed
Change code that manages ALB configuration for Kube Clusters and allow for the dropInvalidHttpHeaders.enabled value to be set, and then implement the configuration change on the ALB implementation code to support the configuration
Create test cases for this configuration
Acceptance Criteria
Test run showing the setting set, and the mock has the value set or not set