FQDN restriction bypass via host-header and AWS ALB

Hello, we run several workloads in AWS, most of them behind a single ALB.
The ALB relies on rules that forward traffic to the correct target group based on the Host header. In summary:

  • services s1 and s2 are attached to the same ALB
  • TLS is terminated by ALB
  • ALB forwards traffic by Host header
  • The Twingate user is only allowed access to s1 via a FQDN resource

The situation: running curl -H 'Host: s2.test.domain.com' https://s1.test.domain.com/ allows the user to access s2 despite only having access to s1.

Is this something that could be mitigated in Twingate?
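
The routing setup described above, as an added audit check that is not part of this thread and not Twingate's or AWS's own tooling: it walks one listener's rules (dicts shaped like boto3's elbv2.describe_rules() output, which is an assumption; the sample rules are constructed) and lists every target group reachable through that shared listener, which is exactly the set a client can reach by overriding the Host header, whatever FQDN resource it was granted.

```python
# Added example (not from the thread): audit an ALB listener for host-header
# routing that fans out to several target groups. A client allowed to reach the
# listener for one hostname can reach every target group on it by changing the
# Host header, so those services share one trust boundary.
# Rule dicts mimic boto3 elbv2.describe_rules() output (assumed shape).
from collections import defaultdict


def host_header_values(rule):
    """Hostnames a rule matches, from either value form the API returns."""
    hosts = set()
    for cond in rule.get("Conditions", []):
        if cond.get("Field") != "host-header":
            continue
        hosts.update(cond.get("Values", []))
        hosts.update(cond.get("HostHeaderConfig", {}).get("Values", []))
    return sorted(hosts)


def forward_targets(rule):
    """Target group ARNs a rule forwards to (single or weighted form)."""
    targets = []
    for action in rule.get("Actions", []):
        if action.get("Type") != "forward":
            continue
        if action.get("TargetGroupArn"):
            targets.append(action["TargetGroupArn"])
        for tg in action.get("ForwardConfig", {}).get("TargetGroups", []):
            targets.append(tg["TargetGroupArn"])
    return targets


def shared_listener_exposure(rules):
    """Map each reachable target group to the hostnames routing to it.
    More than one key means a Host-header override crosses services; an
    FQDN allow-list in front of the listener cannot keep them apart."""
    exposure = defaultdict(set)
    for rule in rules:
        if rule.get("IsDefault"):
            continue  # default action is not host-selected
        for tg in forward_targets(rule):
            exposure[tg].update(host_header_values(rule))
    return {tg: sorted(hosts) for tg, hosts in exposure.items()}


def crosses_trust_boundary(rules):
    """True when one listener forwards to several target groups."""
    return len(shared_listener_exposure(rules)) > 1


# Constructed sample: s1 and s2 on the same listener, as in the thread.
SAMPLE_RULES = [
    {"Priority": "1", "IsDefault": False,
     "Conditions": [{"Field": "host-header",
                     "HostHeaderConfig": {"Values": ["s1.test.domain.com"]}}],
     "Actions": [{"Type": "forward", "TargetGroupArn": "arn:tg/s1"}]},
    {"Priority": "2", "IsDefault": False,
     "Conditions": [{"Field": "host-header",
                     "HostHeaderConfig": {"Values": ["s2.test.domain.com"]}}],
     "Actions": [{"Type": "forward", "TargetGroupArn": "arn:tg/s2"}]},
    {"Priority": "default", "IsDefault": True, "Conditions": [],
     "Actions": [{"Type": "fixed-response"}]},
]
```

Run it against the real rules of each listener; target groups that must stay separate for different user groups need separate listeners or load balancers rather than separate Host-header rules.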

Hi @nicopsf,

There is no current way to leverage Twingate to mitigate this as far as I know, but I have reported it internally to the team for consideration in future releases.
