Forum Discussion
NimbostratusDisable Host Name Check
Hi,
I would like to disable the Host Name check in the security policy. I mean, I would like to allow all Host Name. I've configured a Rapid Deployment Policy (RDP) and I've tried to configure a wildcard as Host Name but it is not possible in the security policy.
Is there any way to disable Host Name check?
Thanks!
8 Replies
- Nikoolayy1
MVP
Have allowed the hostnames under Headers > Host Names ?
https://support.f5.com/csp/article/K67438310
Also for the URL allowed or blocked objects the hostname is not important:
https://support.f5.com/csp/article/K74535942
Also you may check this:
https://support.f5.com/csp/article/K15473
Also can you add a security logging profile under the VIP and provide a screenshot or the error?
dromerotHi Nikoolayy1,
I would like to allow any Host Name or disable Host Name checks. I can't add a wildcard as a Host Name. I've attached an screenshot.
Thanks!
- Nikoolayy1
Can you test with different hostnames and a policy set to block and VIP with logging profile, to see if you will get blocked as you may not. In many cases the F5 will just gather a list of the hostnames,
If you get blocked provide screenshot of the violation.
Just as an info there is an option to learn hostnames automatically "Learning host names automatically
" but fist see if you are getting blocked.
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/25.html
RadekRAltocumulus
Headers > Host Names is not intended to allow/deny some specific Host Name values.
It is intended to disable security policy protection when specific host name is used.
If you want to disable checking of Host header go to Policy building --> Learing and blocking settings and disable checks in "HTTP protocol compliance failed" group.
- dromerot
Hi Nikoolayy1,
I would like to disable Host Name checks, as a result, I was thinking to add a wildcard as Host Name, but it's not possible. I would like to allow ANY Host Name. There are not a list of Host Name allowed because all Host Name should be allowed.
When I send requests to a hostname which is not on the allowed list, there is a violation. I think this is the normal behavior. Right?
Thank you very much!
- Nikoolayy1
As Radek metioned I have not seen issues with being blocked by this thing, so this is why F5 has not provided a wildcard option. Better test if you are getting at all and if you see error related to the host header as I provided it before first follow K15473 and if there is something else mention it.
- dromerot
Hi Radek, Nikoolayy1,
I have a Suggested Action to Add Valid Host Name to the security policy and I was thinking that if I accept this suggestion, only this Host Name would be allowed.
What does this suggestion means then?
Thanks you!!
Ivan_ChernenkiiEmployee
Hello,
If you don't define any host name in policy configuration, then all host names are allowed.
Thanks, Ivan
