For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

uni's avatar
uni
Icon for Altocumulus rankAltocumulus
Mar 23, 2018

ASM policy not blocking invalid host headers

I've trying to limit access to a specific hostname. I've added the desired host name in Security/Application/Headers/Host Names. The policy is enforcing (e.g. GeoIP blocking is working), but it still...
application delivery
ASM Advanced WAF
René_Geile's avatar
René_Geile
Icon for Cirrus rankCirrus
Mar 23, 2018

Hi,

 

you allways need two parts for ASM features:

 

  1. Configure the feature (i.e. define valid Host Headers, define valid methods)

     

  2. Configure Blocking/Learning/Alerting for the violations of the features.

     

See Security- Application Security : Policy Building : Learning and Blocking Settings

 

Section "HTTP Compliance": Enable blocking. Enable all host header related subitems in this section. (Bad Host Header value, Host header contains an IP address...)

 

Section "headers" : Enable "blocking" for violation "illegal methods"