Forum Discussion
HTTP Host Header Injection found at PORT : 80 vulnerability
Thanks for the response Mohamed_Ahmed_Kansoh. Just for additional insights, as far as I understand the vulnerability which I could be wrong.
The orignal http url (e.g http://example.com) can be changed into arbitrary url (e.g https://asdfad.com) I was just wondering if thier is an easy way to prevent this from an F5 level being the servers are load balanced.
We have an irule that redirect http traffic to https but this is still being flag as vulnerable.
Thanks,
- Aug 22, 2023
Hi lorenze ,
Yes it will be still vulnerable as I said , you can solve it from server side Code.
Or try to use Stream profile another workaround and this should mark you are vulnerable in vulnerability scanner.
use the irule and Stream profile Features in the following Article :
https://my.f5.com/manage/s/article/K31100432
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com