Forum Discussion

Nimbostratus

Apr 23, 2019

iRule to drop connection of invalid host header

I have an issue creating an iRule. I need the iRule to drop the connection at the F5 if the host header is manipulated. I have tried some iRules in Test but the syntax is apparently not correct.

MVP

Apr 23, 2019

Hi ITNINJAWARROIOR,

try the iRule to allow just a few selected HOST-header values to pass through...

when HTTP_REQUEST {
    switch -exact -- [string tolower [HTTP::host]] {
        "www.domain.de" -
        "www.domain.fr" -
        "www.domain.com" {
             Do nothing for white listed HOST-header values...
        }
        default {
             Send 502 response for reuqests with unknown HOST-headers...
            HTTP::respond 502 content "Bad Gateway" "Content-Type" "text/html" "Connection" "close"         
        }
    }
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to drop connection of invalid host header

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

Invalid Content-Length header caused Big-IP to terminate connection?

WebSocket connection to 'wss://...' failed: Invalid frame header

Log Http Headers

Strict header Insertion

Access Logs - Invalid Tenant

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS