Forum Discussion

PG0581's avatar
PG0581
Icon for Cirrus rankCirrus
Apr 28, 2022
Solved

Host header injection iRule

I would like to create an iRule that whitelists based on the HTTP host header value, and if that matches redirect to HTTPS. 

Can someone confirm if what I have will work? 

 

 

ltm rule whitelist-http-host-header {
    when HTTP_REQUEST {
        if { [string tolower [HTTP::header values "Host"]] equals "abc.com"} {
            redirect to "HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
        } else {[HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"} 

        }
    }

 

 

 

  • Hi PG0581,

    when HTTP_REQUEST {
    	if { [HTTP::host] eq "abc.com" } {
    		HTTP::redirect "https://abc.com[HTTP::uri]"
    		return
    	} else {
    		HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"
    	}
    }

2 Replies

  • Hi PG0581,

    when HTTP_REQUEST {
    	if { [HTTP::host] eq "abc.com" } {
    		HTTP::redirect "https://abc.com[HTTP::uri]"
    		return
    	} else {
    		HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"
    	}
    }