Have you already captured a tcpdump of a retried request which the web server responds to with a 400 - bad hostname? If so, are the headers valid? Can you compare the request the BIG-IP sends to the web server with the original client request?
It looks like you're using string map to replace Host with Authenticated 1 Host. Without inserting a carriage return and line feed this would result in the host header being corrupted:
Sample original request:
GET /index.html HTTP/1.1
Host: test.example.com
Connection: close
After modification, the host header would be gone:
GET /index.html HTTP/1.1
Authenticated: 1 Host: test.example.com
Connection: close
The web server would parse the Authenticated header as having a value of "1 Host: test.example.com".
You could try to figure out how to insert a carriage return and line feed (0x0d and 0x0a in hex) between the 1 and Host. Else, it would probably be easier to use 'HTTP::header insert Authenticated 1' and then save the HTTP::request value. It looks like this second method would work:
when HTTP_REQUEST {
log local0. "original \[HTTP::request\]: [HTTP::request]"
HTTP::header insert new_header some_value
log local0. "modified \[HTTP::request\]: [HTTP::request]"
}
Request:
curl http_vip
Log output:
: original [HTTP::request]: GET / HTTP/1.1 User-Agent: curl/7.15.4 (i686-pc-cygwin) libcurl/7.15.4 OpenSSL/0.9.8d zlib/1.2.3 Host: http_vip Accept: */*
: modified [HTTP::request]: GET / HTTP/1.1 User-Agent: curl/7.15.4 (i686-pc-cygwin) libcurl/7.15.4 OpenSSL/0.9.8d zlib/1.2.3 Host: http_vip Accept: */* new_header: some_value
Aaron