DesyncMitigationMode
- class aws_cdk.aws_elasticloadbalancingv2.DesyncMitigationMode(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
Bases:
EnumHow the load balancer handles requests that might pose a security risk to your application.
- See:
- ExampleMetadata:
infused
Example:
# vpc: ec2.Vpc lb = elbv2.ApplicationLoadBalancer(self, "LB", vpc=vpc, internet_facing=True, # Whether HTTP/2 is enabled http2_enabled=False, # The idle timeout value, in seconds idle_timeout=Duration.seconds(1000), # Whether HTTP headers with header fields that are not valid # are removed by the load balancer (true), or routed to targets drop_invalid_header_fields=True, # How the load balancer handles requests that might # pose a security risk to your application desync_mitigation_mode=elbv2.DesyncMitigationMode.DEFENSIVE, # The type of IP addresses to use. ip_address_type=elbv2.IpAddressType.IPV4, # The duration of client keep-alive connections client_keep_alive=Duration.seconds(500), # Whether cross-zone load balancing is enabled. cross_zone_enabled=True, # Whether the load balancer blocks traffic through the Internet Gateway (IGW). deny_all_igw_traffic=False, # Whether to preserve host header in the request to the target preserve_host_header=True, # Whether to add the TLS information header to the request x_amzn_tls_version_and_cipher_suite_headers=True, # Whether the X-Forwarded-For header should preserve the source port preserve_xff_client_port=True, # The processing mode for X-Forwarded-For headers xff_header_processing_mode=elbv2.XffHeaderProcessingMode.APPEND, # Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF. waf_fail_open=True )
Attributes
- DEFENSIVE
Provides durable mitigation against HTTP desync while maintaining the availability of your application.
- MONITOR
Allows all traffic.
- STRICTEST
Receives only requests that comply with RFC 7230.