F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

uni's avatar
uni
Icon for Altocumulus rankAltocumulus
Mar 22, 2018

ASM policy not blocking invalid host headers

I've trying to limit access to a specific hostname. I've added the desired host name in Security/Application/Headers/Host Names. The policy is enforcing (e.g. GeoIP blocking is working), but it still...
application delivery
ASM Advanced WAF
René_Geile's avatar
René_Geile
Icon for Cirrus rankCirrus
Mar 23, 2018

Hi,

 

you allways need two parts for ASM features:

 

  1. Configure the feature (i.e. define valid Host Headers, define valid methods)

     

  2. Configure Blocking/Learning/Alerting for the violations of the features.

     

See Security- Application Security : Policy Building : Learning and Blocking Settings

 

Section "HTTP Compliance": Enable blocking. Enable all host header related subitems in this section. (Bad Host Header value, Host header contains an IP address...)

 

Section "headers" : Enable "blocking" for violation "illegal methods"