AWS Application Load Balancer introduces header modification for enhanced traffic control and security
Share
Services
Application Load Balancer (ALB) now supports HTTP request and response header modification giving you greater controls to manage your application’s traffic and security posture without having to alter your application code.
This feature introduces three key capabilities: renaming specific load balancer generated headers, inserting specific response headers, and disabling server response header. With header rename, you can now rename all ALB generated Transport Layer Security (TLS) headers that the load balancer adds to requests, which includes the six mTLS headers and two TLS headers (version and cipher). This capability enables seamless integration with existing applications that expect headers in a specific format, thereby minimizing changes to your backends while using TLS features on the ALB. With header insertion, you can insert custom headers related to Cross-Origin Resource Sharing (CORS) and critical security headers like HTTP Strict-Transport-Security (HSTS). Finally, the capability to disable the ALB generated “Server” header in responses reduces exposure of server-specific information, adding an extra layer of protection to your application. These response header modification features give you the ability to centrally enforce your organizations security posture at the load balancer instead of enforcement at individual applications, which can be prone to errors.
You can configure Header Modification feature using AWS APIs, AWS CLI, or the AWS Management Console. This feature is available for ALBs in [all commercial AWS Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/), [AWS GovCloud (US) Regions](https://aws.amazon.com/govcloud-us/) and [China Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/#AWS%5FChina%5FRegions%2A). To learn more, refer to the [ALB documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/header-modification.html).
What else is happening at Amazon Web Services?
Amazon CloudFront now supports additional log formats and destinations for access logs
in about 12 hours
Services
Share
Read update
Services
Share
Read update
Services
Share
Amazon EC2 G6e instances now available in additional regions
about 12 hours ago
Services
Share
Amazon CloudWatch Synthetics now supports Playwright runtime to create canaries with NodeJS
about 13 hours ago
Services
Share
Announcing new Amazon CloudWatch Metrics for AWS Lambda Event Source Mappings (ESMs)
about 13 hours ago
Services
Share