Forum Discussion

Nimbostratus

Dec 08, 2017

Host header vulnerability

This interesting vulnerability was found with a simple redirect irule by injecting a bad actor site as a host header, the F5 will redirect based on the host header and not on the host within the URL ...

iRules

security

boneyard

MVP

Dec 10, 2017

that is how HTTP works, if you look at an HTTP request (with F12 in most browsers) you will see it sends an URI to an IP (which it resolved from the hostname) and a Host header. some other headers also, but those don't matter here.

so the only way* the device you send such a request to knows for which host it is is the Host header. and if you use that value for something it might turn out weird.

there is little you can do except if you know which hosts are used on your virtual server only allow those and drop all requests with different Host headers.

*) yes there is SNI, but that only works for HTTPS.

Forum Discussion

Host header vulnerability

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

host header in F5

Rewrite Host Header to Server Name

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Select pool based on HTTP host header

Rewrite Host Header to Server IP:port