Forum Discussion

lorenze
Aug 22, 2023

HTTP Host Header Injection found at PORT : 80 vulnerability

Hello Everyone, 


We are running some security scans against our production environment, and one thing that came back is a result flagging HTTP Host Header Injection found at PORT : 80.

HTTP/1.0 302 Found
Location:htttps://********.com
Server: BigIP
Connection: close
Content-Length: 0

Has anyone tried dealing with this vulnerability? Or is there any available resource I can go through to implement a fix at the F5 level?



Thanks,


  • Hi lorenze,

    It's clear that you did your vulnerability scan through BIG-IP.

    It seems to be a backend server issue or misconfiguration.

    I see this is a Mixed Content issue, which means >> some web developers add mixed URLs returned from servers to the client for redirections.
    I want to say that the backend server itself may return a ( http://host.com/path1/path2 ) although you as a client expect (https) communication, so this is a misconfiguration from the server side.

    F5 BIG-IP overcomes this Mixed Content issue by using ( a redirection iRule to redirect from http to https ) or using a Stream profile >> but this is not our topic here.

    > Try to do this scan test directly against the backend servers, not through BIG-IP, and I think you will observe the same thing.

    > So you should solve it from the backend server itself.

    > If you need to overcome this with BIG-IP, follow this article: https://my.f5.com/manage/s/article/K31100432
    But you will still be vulnerable, so solve it from the backend server code with the aid of ( the server developer or vendor ).

    I hope you find my comment insightful,

  • Thanks for the response Mohamed_Ahmed_Kansoh. Just for additional insights, as far as I understand the vulnerability (which I could be wrong about):

    The original http URL (e.g. http://example.com) can be changed into an arbitrary URL (e.g. https://asdfad.com). I was just wondering if there is an easy way to prevent this at the F5 level, since the servers are load balanced.

    We have an iRule that redirects http traffic to https, but this is still being flagged as vulnerable.

    Thanks, 
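Added example, not code from the thread, from F5's article or from any commenter: an HTTP-to-HTTPS redirect iRule that only copies the Host header into the Location header when it matches an allowlist. A redirect built straight from [HTTP::host] echoes whatever Host value the client sent, which is the behaviour a Host header injection scan reports; the hostnames below are assumed placeholders.

```tcl
# Added example (not from the thread or F5's article). The common redirect
# pattern below reflects the client-supplied Host header verbatim:
#     HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
# The hardened version validates the Host against an allowlist first.
when HTTP_REQUEST {
    # Strip any ":port" suffix and normalise case before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Hostnames this virtual server legitimately serves (assumed placeholder values).
    set allowed_hosts [list "www.example.com" "example.com"]

    if { [lsearch -exact $allowed_hosts $host] >= 0 } {
        # Host is known: it is safe to build the redirect from it.
        HTTP::redirect "https://${host}[HTTP::uri]"
    } else {
        # Unknown or forged Host: never echo it back. Reject the request
        # (or, alternatively, redirect to a fixed canonical hostname instead).
        HTTP::respond 400 content "Bad Request" "Content-Type" "text/plain" "Connection" "close"
    }
}
```

If the virtual server must accept many hostnames, the same check can be done against a data group instead of a hard-coded list; the important property is that the Location header is only ever built from a value the iRule has verified.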



    •
      lorenze

      Hi answ161,

      Thanks for the response, and to answer that, yes, we do have an http to https redirect iRule in this particular VS. Let me give this a try and I will provide an update once I get it tested. Thanks!