We are running some security scans against our production environment, and one thing that came back is a result flagging HTTP Host Header Injection found on port 80.
HTTP/1.0 302 Found
Has anyone tried dealing with this vulnerability? Or is there any available resource I can go through to implement a fix at the F5 level?
Hi @lorenze ,
It's clear that you did your vulnerability scan through BIG-IP.
It seems to be a backend server issue or misconfiguration.
I see this is a Mixed Content issue, which means >> some web developers add mixed URLs returned from servers to the client for redirections.
I want to say that the backend server itself may return ( http://host.com/path1/path2 ) although you as a client expect (https) communication, so this is a misconfiguration on the server side.
F5 BIG-IP overcomes this Mixed Content issue by using ( a redirection iRule to redirect from http to https ) or using a Stream profile >> but this is not our topic here.
> Try to do this scan test directly against the backend servers, not through BIG-IP, and I think you will observe the same thing.
> So you should solve it from the backend server itself.
> If you need to overcome this by BIG-IP, follow this article: https://my.f5.com/manage/s/article/K31100432
But you will still be vulnerable, so solve it from the backend server code with the aid of the ( server developer or vendor ).
I hope you find my comment insightful,
Thanks for the response @Mohamed_Ahmed_Kansoh. Just for additional insight, here is the vulnerability as far as I understand it (I could be wrong).
The original http URL (e.g. http://example.com) can be changed into an arbitrary URL (e.g. https://asdfad.com). I was just wondering if there is an easy way to prevent this at the F5 level, since the servers are load balanced.
We have an iRule that redirects http traffic to https, but this is still being flagged as vulnerable.
Hi @lorenze ,
Yes, it will still be vulnerable, as I said; you can solve it from the server-side code.
Or try to use a Stream profile, another workaround, and this should mark you as vulnerable in the vulnerability scanner.
Use the iRule and Stream profile features in the following article:
Based on the "Server: BigIP" response header, it appears that your F5 is responding with this 302 redirect. Do you have some type of HTTP to HTTPS redirect (iRule or Policy) configured on your port 80 VIP?
If so, you could explore something like this iRule: https://community.f5.com/t5/technical-forum/host-header-injection-irule/td-p/295090. The same can also be done with a policy.
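As an added example (not code from the original thread or from the linked F5 article), the iRule below shows why a plain HTTP-to-HTTPS redirect is flagged and how the Host-validation approach mentioned above closes it. The typical redirect rule builds the Location header from whatever the client sent in `Host`, so a request with `Host: asdfad.com` gets a `302` to `https://asdfad.com/...`, which is exactly the reflection the scanner reports. The hardened version only ever redirects to a host from an allow-list. The hostnames `example.com` and `www.example.com` are placeholders for your own VIP's names.

```tcl
# --- Vulnerable form (the common HTTP-to-HTTPS redirect) ---
# Reflects the client-supplied Host header straight into the Location
# header, so a spoofed Host becomes an open redirect.
#
# when HTTP_REQUEST {
#     HTTP::redirect "https://[HTTP::host][HTTP::uri]"
# }

# --- Hardened form: only redirect to hosts we actually serve ---
when HTTP_REQUEST {
    # HTTP::host returns the raw Host header value, which may carry a
    # ":port" suffix (e.g. "www.example.com:80"); strip it and normalise
    # case before comparing. IPv6 literals are not expected here and will
    # simply fail the allow-list check below.
    set host [string tolower [lindex [split [HTTP::host] ":"] 0]]

    switch -exact -- $host {
        "www.example.com" -
        "example.com" {
            # $host is now a value from our own list, not the client's
            # bytes, so the Location header cannot point anywhere else.
            HTTP::redirect "https://${host}[HTTP::uri]"
        }
        default {
            # Unknown or spoofed Host: refuse rather than redirect.
            # Use 400 so scanners see no reflection of the injected value.
            HTTP::respond 400 content "Bad Request" "Content-Type" "text/plain" "Connection" "Close"
        }
    }
}
```

If the list of names is long or changes often, the `switch` can be replaced with a data group lookup, for example `if { [class match $host equals allowed_hosts] }`, which keeps the allow-list out of the iRule body. After applying the rule, re-run the scanner's check by hand: `curl -i -H "Host: asdfad.com" http://<vip>/` should now return the 400 rather than a `302` whose `Location` echoes the injected host.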