The scenario you've described indeed exposes the internal ALB name in the 'Location' header when a 301 redirect is issued. While not a critical vulnerability, it provides unnecessary information that could potentially be used in sophisticated attacks.
This seems to be the default behavior of ALB when handling redirects. To mitigate this, you have a few options:
- ALB Listener Rule: Add a Listener Rule on your ALB to handle the HTTP to HTTPS redirection, instead of having your backend do it. This way, the ALB name should not be exposed in the location header.
- Lambda@Edge: Use Lambda@Edge on CloudFront to modify the headers to strip out any sensitive information.
- Nginx Proxy: If you're using an Nginx server, you can use it as a proxy and modify the 'Location' header to avoid exposing the internal hostname.
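As an added illustration of the Lambda@Edge option (example code, not part of the answer above or of any AWS sample), the origin-response handler below rewrites a `Location` header that names the internal ALB so it names the public domain instead; the `INTERNAL_HOST` and `PUBLIC_HOST` values are constructed placeholders.

```javascript
'use strict';

// Constructed placeholders: substitute the real ALB DNS name and public domain.
const INTERNAL_HOST = 'internal-alb-123456789.us-east-1.elb.amazonaws.com';
const PUBLIC_HOST = 'www.example.com';

// Rewrite one Location value. Relative redirects and redirects to any other
// host are returned unchanged, so only the leaked internal hostname is touched.
function rewriteLocation(location, internalHost, publicHost) {
  let url;
  try {
    url = new URL(location);
  } catch (e) {
    return location; // not an absolute URL: nothing internal to hide
  }
  if (url.hostname.toLowerCase() !== internalHost.toLowerCase()) {
    return location;
  }
  url.hostname = publicHost;
  url.port = '';           // drop any backend port
  url.protocol = 'https:'; // the public edge serves HTTPS only
  return url.toString();   // path, query and fragment are preserved
}

// Apply the rewrite to a CloudFront origin-response "response" object, whose
// headers are keyed by lowercase name and hold arrays of {key, value} pairs.
function sanitizeResponse(response, internalHost = INTERNAL_HOST, publicHost = PUBLIC_HOST) {
  const headers = response.headers || {};
  if (Array.isArray(headers.location)) {
    headers.location = headers.location.map(h => ({
      key: 'Location',
      value: rewriteLocation(h.value, internalHost, publicHost),
    }));
  }
  return response;
}

// Lambda@Edge entry point for an origin-response trigger.
const handler = async (event) => sanitizeResponse(event.Records[0].cf.response);

if (typeof module !== 'undefined') {
  module.exports = { handler, rewriteLocation, sanitizeResponse };
}
```

Attach the function to the CloudFront distribution's origin-response event; it sees the redirect before the viewer does, which is where the ALB hostname would otherwise escape.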