In an effort to compete with Google's ongoing war on their own customers, @awscloud has quietly rolled out a potentially breaking change to their Application Load Balancers. A thread.
-
-
If it helps anything, some providers breaking customer workflows is so frequent as to not be worth commenting upon. You folks get it right far more often than not.
-
Invalid HTTP header passing default for new ALBs is restored to pre-Nov11 behavior as of 8 PM PST (Nov 13). You can still configure each of your ALB's behavior via API.
End of conversation
New conversation -
-
-
The motivation here is to improve security for customers, and security is the only reason we make changes of this kind. But this wasn't expected to be an impacting change. We have been working pro-actively with customers (of all sizes) that we had already identified as impacted.
-
Scariest part was not knowing what counted as an invalid header. A blurb in https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html … saying that a valid header is ([a-z0-9]-)* would help. Difference between "oh, we can't have underscores in our headers" and "all of our x-custom headers going to get dropped??"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.