Host Header Poisoning

Question

Here I am showing some of the Headers from the request.
The Host Header contains the MALICIOUS/UNWANTED alphabets before domain name/host name.
How it is possible to block such requests on ASM?&nbsp;
GET /abc/test/framework/web*********** HTTP/1.1&nbsp;
Host: dhbwkf.&nbsp;
Cache-Control: no-cache&nbsp;
Connection: close&nbsp;
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36&nbsp;

youssef1 · Answer

Hi, &nbsp;
You can use ASM policy to block invalid host headers: (response from: René Geile)&nbsp;
https://devcentral.f5.com/questions/asm-policy-not-blocking-invalid-host-headers-58747&nbsp;
you allways need two parts for ASM features:&nbsp;

Configure the feature (i.e. define valid Host Headers, define valid methods)&nbsp;

Configure Blocking/Learning/Alerting for the violations of the features.&nbsp;

See Security- Application Security : Policy Building : Learning and Blocking Settings&nbsp;
Section "HTTP Compliance": Enable blocking. Enable all host header related subitems in this section. (Bad Host Header value, Host header contains an IP address...)&nbsp;
Section "headers" : Enable "blocking" for violation "illegal methods"&nbsp;

Forum Discussion

Host Header Poisoning

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

(HTTP) Redirection via Arbitrary Host Header

host header in F5

Host header injection iRule

Rewrite Host Header to Server Name

URI host header redirect failing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS