Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Disable Host Name Check

dromerot
Nimbostratus
Nimbostratus

Hi,

 

I would like to disable the Host Name check in the security policy. I mean, I would like to allow all Host Name. I've configured a Rapid Deployment Policy (RDP) and I've tried to configure a wildcard as Host Name but it is not possible in the security policy.

 

Is there any way to disable Host Name check?

 

Thanks!

8 REPLIES 8

Have allowed the hostnames under Headers > Host Names ?

 

https://support.f5.com/csp/article/K67438310

 

 

Also for the URL allowed or blocked objects the hostname is not important:

 

 

https://support.f5.com/csp/article/K74535942

 

 

Also you may check this:

 

https://support.f5.com/csp/article/K15473

 

 

 

 

 

Also can you add a security logging profile under the VIP and provide a screenshot or the error?

dromerot
Nimbostratus
Nimbostratus

Hi Nikoolayy1,

 

I would like to allow any Host Name or disable Host Name checks. I can't add a wildcard as a Host Name. I've attached an screenshot.

 

0691T00000C2qamQAB.png 

Thanks!

Can you test with different hostnames and a policy set to block and VIP with logging profile, to see if you will get blocked as you may not. In many cases the F5 will just gather a list of the hostnames,

 

If you get blocked provide screenshot of the violation.

 

 

 

Just as an info there is an option to learn hostnames automatically "Learning host names automatically

" but fist see if you are getting blocked.

 

 

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/25.html

RadekR
Altocumulus
Altocumulus

Headers > Host Names is not intended to allow/deny some specific Host Name values.

It is intended to disable security policy protection when specific host name is used.

If you want to disable checking of Host header go to Policy building --> Learing and blocking settings and disable checks in "HTTP protocol compliance failed" group.

dromerot
Nimbostratus
Nimbostratus

Hi Nikoolayy1,

 

I would like to disable Host Name checks, as a result, I was thinking to add a wildcard as Host Name, but it's not possible. I would like to allow ANY Host Name. There are not a list of Host Name allowed because all Host Name should be allowed.

 

When I send requests to a hostname which is not on the allowed list, there is a violation. I think this is the normal behavior. Right?

 

Thank you very much!

As Radek metioned I have not seen issues with being blocked by this thing, so this is why F5 has not provided a wildcard option. Better test if you are getting at all and if you see error related to the host header as I provided it before first follow K15473 and if there is something else mention it.

 

https://support.f5.com/csp/article/K15473

dromerot
Nimbostratus
Nimbostratus

Hi Radek, Nikoolayy1,

 

I have a Suggested Action to Add Valid Host Name to the security policy and I was thinking that if I accept this suggestion, only this Host Name would be allowed.

 

What does this suggestion means then?

 

0691T00000C2qt0QAB.png 

Thanks you!!

Ivan_Chernenkii
F5 Employee
F5 Employee

Hello,

 

If you don't define any host name in policy configuration, then all host names are allowed.

 

Thanks, Ivan