Forum Discussion
lorenze
Aug 22, 2023Altocumulus
HTTP Host Header Injection found at PORT : 80 vulnerability
Hello Everyone, We are running some security scans against our production environment, and one thing that came back is the result flagging HTTP Host Header Injection found at PORT : 80. HTTP...
answ161
Aug 23, 2023Altostratus
Based on "Server: BigIP" of the response header, it appears that your F5 is responding with this 302 redirect. Do you have some type of HTTP to HTTPS redirect (iRule or Policy) configured on your port 80 VIP?
If so, you could explore something like this iRule: https://community.f5.com/t5/technical-forum/host-header-injection-irule/td-p/295090. The same can also be done with a policy.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects