cancel
Showing results for 
Search instead for 
Did you mean: 

Host header injection iRule

PG0581
Altocumulus
Altocumulus

I would like to create an iRule that whitelists based on the HTTP host header value, and if that matches redirect to HTTPS. 

Can someone confirm if what I have will work? 

 

 

ltm rule whitelist-http-host-header {
    when HTTP_REQUEST {
        if { [string tolower [HTTP::header values "Host"]] equals "abc.com"} {
            redirect to "HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
        } else {[HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"} 

        }
    }

 

 

 

1 ACCEPTED SOLUTION

Hi PG0581,

when HTTP_REQUEST {
	if { [HTTP::host] eq "abc.com" } {
		HTTP::redirect "https://abc.com[HTTP::uri]"
		return
	} else {
		HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"
	}
}

View solution in original post

2 REPLIES 2

Hi PG0581,

when HTTP_REQUEST {
	if { [HTTP::host] eq "abc.com" } {
		HTTP::redirect "https://abc.com[HTTP::uri]"
		return
	} else {
		HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"
	}
}

Thanks very much @Enes_Afsin_Al