Hello, we run several workloads in AWS, most of them behind a single ALB.
The ALB relies on rules, forwarding traffic to the correct target group based on host header. In summary:
s2are attached to the same ALB
- TLS is terminated by ALB
- ALB forwards traffic by
- The Twingate user is only allowed access to
s1via a FQDN resource
The situation: running a
curl -H 'Host: s2.test.domain.com' https://s1.test.domain.com/ allows the user to access s2 despite only having access to s1.
Is this something that could be mitigated in Twingate?