Forum Discussion
HTTP Host Header Injection found at PORT : 80 vulnerability
Hi lorenze,
It's clear that you did your vulnerability scan through BIG-IP.
It seems to be a backend server issue or misconfiguration.
I see this is a Mixed Content issue, which means some web developers add mixed URLs returned from servers to the client for redirections.
I want to say that the backend server itself may return ( http://host.com/path1/path2 ) although you as a client expect (https) communication, so this is a misconfiguration on the server side.
F5 BIG-IP overcomes this Mixed Content issue by using a redirection iRule to redirect from http to https, or by using a Stream profile, but this is not our topic here.
> Try to do this scan test directly against the backend servers, not through BIG-IP, and I think you will observe the same thing.
> So you should solve it on the backend server itself.
> If you need to overcome this with BIG-IP, follow this article: https://my.f5.com/manage/s/article/K31100432
But you will still be vulnerable, so solve it in the backend server code with the aid of the server developer or vendor.
I hope you find my comment insightful,
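
A backend-side fix of the kind recommended in the reply above could look like the following. This is an added example, not part of the original post and not F5 or vendor code; it assumes the backend is a Python WSGI application, and the host names, `HostGuard`, `normalize_host`, `redirect_location`, `demo_app` and `call` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed values: replace with the site's real public names.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
CANONICAL_ORIGIN = "https://www.example.com"

def normalize_host(raw):
    """Return the lowercased host name without port, or None if malformed."""
    if not raw or any(c in raw for c in " \t\r\n/@\\?#"):
        return None
    try:
        parts = urlsplit("//" + raw)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    return parts.hostname.rstrip(".") if parts.hostname else None

def redirect_location(path):
    """Build an absolute redirect target from configuration, never from Host."""
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return CANONICAL_ORIGIN + path

class HostGuard:
    """WSGI middleware: answer 400 unless the Host header is on the allowlist."""
    def __init__(self, app, allowed=frozenset(ALLOWED_HOSTS)):
        self.app, self.allowed = app, allowed

    def __call__(self, environ, start_response):
        if normalize_host(environ.get("HTTP_HOST")) not in self.allowed:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"Invalid Host header\n"]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Stand-in backend that redirects to its login page over https."""
    start_response("302 Found", [("Location", redirect_location("/login"))])
    return [b""]

def call(app, host):
    """Send one constructed request through the app; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/", "HTTP_HOST": host}, start_response))
    return seen["status"], seen["headers"]
```

Because the `Location` value comes from `CANONICAL_ORIGIN`, a re-scan sent straight to the backend should see the same https redirect for an allowed name and a 400 for any other Host value.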