Hello, we run several workloads in AWS, most of them behind a single ALB.
The ALB relies on rules, forwarding traffic to the correct target group based on host header. In summary:
- services `s1` and `s2` are attached to the same ALB
- TLS is terminated by ALB
- ALB forwards traffic by `Host` header
- The Twingate user is only allowed access to `s1` via a FQDN resource
The situation: running `curl -H 'Host: s2.test.domain.com' https://s1.test.domain.com/` allows the user to access `s2` despite only having access to `s1`.
Is this something that could be mitigated in Twingate?
Thanks
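Added example, not part of the original post: one way to detect the mismatch described above on the ALB side is to compare the TLS SNI name with the `Host` the request was routed on, both of which appear in ALB access logs. It assumes access logging is enabled and that fields follow the AWS-documented order; the log lines, IPs and ARNs are constructed, and `sample_line` and `find_mismatches` are hypothetical helper names.

```python
import shlex
from urllib.parse import urlsplit

# Field positions in the AWS-documented ALB access-log layout (0-based).
TYPE, CLIENT, REQUEST, SNI = 0, 3, 12, 18

def sample_line(sni, host, client="10.0.1.5:50000"):
    """Build a constructed log line; only type, client, request and SNI matter here."""
    return (
        f'https 2024-01-01T10:00:00.000000Z app/example-alb/0123456789abcdef '
        f'{client} 10.0.2.10:8080 0.001 0.002 0.000 200 200 120 512 '
        f'"GET https://{host}:443/ HTTP/1.1" "curl/8.0.1" '
        f'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:placeholder:targetgroup '
        f'"Root=1-00000000-000000000000000000000000" "{sni}" "arn:placeholder:cert" 1 '
        f'2024-01-01T10:00:00.000000Z "forward" "-" "-" "10.0.2.10:8080" "200" "-" "-"'
    )

def find_mismatches(lines):
    """Return (client, sni, host) for TLS requests whose Host differs from the SNI."""
    hits = []
    for line in lines:
        fields = shlex.split(line)  # honours the double-quoted log fields
        if len(fields) <= SNI or fields[TYPE] not in ("https", "h2", "wss"):
            continue  # plain HTTP or truncated line: no SNI to compare
        if fields[SNI] == "-":
            continue  # client sent no SNI
        parts = fields[REQUEST].split(" ")
        if len(parts) != 3:
            continue  # malformed request line
        # The URL host in the request field reflects the Host header used for routing.
        host = (urlsplit(parts[1]).hostname or "").rstrip(".")
        sni = fields[SNI].lower().rstrip(".")
        if host != sni:
            hits.append((fields[CLIENT], sni, host))
    return hits

if __name__ == "__main__":
    logs = [
        sample_line("s1.test.domain.com", "s1.test.domain.com"),
        sample_line("s1.test.domain.com", "s2.test.domain.com"),  # the curl case above
    ]
    for client, sni, host in find_mismatches(logs):
        print(f"{client}: TLS SNI {sni} but routed on Host {host}")
```
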