Forum Discussion
NimbostratusHost header match - Http host
I am looking for the Irule for the improper input handing (Host header) Basically application uses the input coming from the Host or X-Forwarded-Host request headers as part of the response without proper validation.the application exhibits this behavior with OR without "?host_header=host" appended to the URL. The host header is simply being used without checks that it contains a valid domain." Solution i am looking for the solution
- Blocking the request when the Host header mismatches domain of the URL being requested.
5 Replies
Krishnamurali_2Is there any we can right like this
when HTTP_REQUEST {
If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
}
}
but when i execute this , i am getting error message . pls find the below
ule [/Common/hostheader] error: /Common/hostheader:3: error: [undefined procedure: If][If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
}]
please advise ..
- Krishnamurali_2
Is there any we can right like this
when HTTP_REQUEST {
If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
}
}
but when i execute this , i am getting error message . pls find the below
ule [/Common/hostheader] error: /Common/hostheader:3: error: [undefined procedure: If][If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
}]
please advise ..
Stanislas_Piro2Cumulonimbus
Try this
when HTTP_REQUEST { If { !([HTTP::host] equals "abc.com") } { HTTP::respond 404 content "page not found" } }
