Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Disable Host Name Check

dromerot
Nimbostratus
Nimbostratus

‎07-Apr-2021 01:08

Hi,

 

I would like to disable the Host Name check in the security policy. I mean, I would like to allow all Host Name. I've configured a Rapid Deployment Policy (RDP) and I've tried to configure a wildcard as Host Name but it is not possible in the security policy.

 

Is there any way to disable Host Name check?

 

Thanks!

Labels:
0 Kudos
8 REPLIES 8

Nikoolayy1
MVP
MVP

‎07-Apr-2021 02:20

Have allowed the hostnames under Headers > Host Names ?

 

https://support.f5.com/csp/article/K67438310

 

 

Also for the URL allowed or blocked objects the hostname is not important:

 

 

https://support.f5.com/csp/article/K74535942

 

 

Also you may check this:

 

https://support.f5.com/csp/article/K15473

 

 

 

 

 

Also can you add a security logging profile under the VIP and provide a screenshot or the error?

0 Kudos

dromerot
Nimbostratus
Nimbostratus

‎07-Apr-2021 05:20

Hi Nikoolayy1,

 

I would like to allow any Host Name or disable Host Name checks. I can't add a wildcard as a Host Name. I've attached an screenshot.

 

0691T00000C2qamQAB.png 

Thanks!

0 Kudos

Nikoolayy1
MVP
MVP

‎07-Apr-2021 05:38

Can you test with different hostnames and a policy set to block and VIP with logging profile, to see if you will get blocked as you may not. In many cases the F5 will just gather a list of the hostnames,

 

If you get blocked provide screenshot of the violation.

 

 

 

Just as an info there is an option to learn hostnames automatically "Learning host names automatically

" but fist see if you are getting blocked.

 

 

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/25.html

0 Kudos

RadekR
Altocumulus
Altocumulus

‎07-Apr-2021 05:49

Headers > Host Names is not intended to allow/deny some specific Host Name values.

It is intended to disable security policy protection when specific host name is used.

If you want to disable checking of Host header go to Policy building --> Learing and blocking settings and disable checks in "HTTP protocol compliance failed" group.

dromerot
Nimbostratus
Nimbostratus

‎07-Apr-2021 05:50

Hi Nikoolayy1,

 

I would like to disable Host Name checks, as a result, I was thinking to add a wildcard as Host Name, but it's not possible. I would like to allow ANY Host Name. There are not a list of Host Name allowed because all Host Name should be allowed.

 

When I send requests to a hostname which is not on the allowed list, there is a violation. I think this is the normal behavior. Right?

 

Thank you very much!

0 Kudos

Nikoolayy1
MVP
MVP
In response to dromerot

‎07-Apr-2021 06:28

As Radek metioned I have not seen issues with being blocked by this thing, so this is why F5 has not provided a wildcard option. Better test if you are getting at all and if you see error related to the host header as I provided it before first follow K15473 and if there is something else mention it.

 

https://support.f5.com/csp/article/K15473

0 Kudos

dromerot
Nimbostratus
Nimbostratus

‎07-Apr-2021 06:59

Hi Radek, Nikoolayy1,

 

I have a Suggested Action to Add Valid Host Name to the security policy and I was thinking that if I accept this suggestion, only this Host Name would be allowed.

 

What does this suggestion means then?

 

0691T00000C2qt0QAB.png 

Thanks you!!

0 Kudos

Ivan_Chernenkii
F5 Employee
F5 Employee

‎07-May-2021 13:34

Hello,

 

If you don't define any host name in policy configuration, then all host names are allowed.

 

Thanks, Ivan

0 Kudos
Copyright © 2023 Khoros, LLC