iRule to drop connection of invalid host header

Question

I have an issue creating an iRule. I need the iRule to drop the connection at the F5 if the host header is manipulated. I have tried some iRules in Test but the syntax is apparently not correct.

kai_wilke · Answer

Hi ITNINJAWARROIOR,
try the iRule to allow just a few selected HOST-header values to pass through...
when HTTP_REQUEST {
    switch -exact -- [string tolower [HTTP::host]] {
        "www.domain.de" -
        "www.domain.fr" -
        "www.domain.com" {
             Do nothing for white listed HOST-header values...
        }
        default {
             Send 502 response for reuqests with unknown HOST-headers...
            HTTP::respond 502 content "Bad Gateway" "Content-Type" "text/html" "Connection" "close"         
        }
    }
}

Cheers, Kai

Forum Discussion

iRule to drop connection of invalid host header

Recent Discussions

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Related Content

err tmm1[24399]: 011f0007:3: http_process_state_prepend - Invalid action:0x107041 clientside

DevCentral Connects hosts Capture the Flag!

Troubeshooting website connection

Rebalancing connections

C3D and header insert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS