
ASM policy not blocking invalid host headers

I'm trying to limit access to a specific hostname. I've added the desired host name in Security/Application/Headers/Host Names. The policy is enforcing (e.g. GeoIP blocking is working), but it still allows other host names. The log shows the entries with the unwanted host header.

Any tips? Is there something else I need to turn on?

1
Comments on this Question
Comment made 22-Mar-2018 by uni 1145

I also removed "HEAD" from the Methods list, but can still use HEAD.

This is v13.1.0.2

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

you always need two parts for ASM features:

  1. Configure the feature (i.e. define valid Host Headers, define valid methods)

  2. Configure Blocking/Learning/Alerting for the violations of the features.

See Security : Application Security : Policy Building : Learning and Blocking Settings

Section "HTTP Compliance": Enable blocking. Enable all host header related subitems in this section. (Bad Host Header value, Host header contains an IP address...)

Section "headers" : Enable "blocking" for violation "illegal methods"

3
Comments on this Answer
Comment made 25-Mar-2018 by uni 1145

Thanks René. Just what I needed to know.

0
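
A way to confirm from the client side that the Host header checks described in the accepted answer are actually blocking, and not only configured. This is an added example, not code from the thread or from F5. The function names, the host name `app.example.com` and the address `192.0.2.10` are constructed, and it assumes the policy serves the default ASM blocking page, whose body contains "support ID".

```python
import http.client

# Assumption: the policy serves the default ASM blocking page, whose body
# contains "support ID". Adjust the marker for a customised response page.
BLOCK_MARKER = "support ID"


def build_probes(allowed_host, vip_address):
    """One baseline request plus two that the Host header checks should stop."""
    return [
        {"name": "allowed host name", "host": allowed_host, "expect": "passed"},
        {"name": "unlisted host name", "host": "unlisted.invalid", "expect": "blocked"},
        {"name": "IP address as host", "host": vip_address, "expect": "blocked"},
    ]


def send_probe(vip_address, port, host, tls=False, timeout=5):
    """Send GET / to the virtual server with an explicit Host header."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(vip_address, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(65536).decode("latin-1")
    finally:
        conn.close()


def classify(body):
    """A response counts as blocked when it carries the blocking-page marker."""
    return "blocked" if BLOCK_MARKER.lower() in body.lower() else "passed"


def audit(allowed_host, vip_address, port=80, sender=send_probe):
    """Return the probes whose outcome differs from what the policy should do."""
    gaps = []
    for probe in build_probes(allowed_host, vip_address):
        _status, body = sender(vip_address, port, probe["host"])
        outcome = classify(body)
        if outcome != probe["expect"]:
            gaps.append((probe["name"], probe["expect"], outcome))
    return gaps


if __name__ == "__main__":
    # Constructed responder: host name is listed in the policy, but blocking
    # is not enabled for the violations, so every request reaches the app.
    def not_blocking(vip, port, host):
        return 200, "<html>app home</html>"
    for name, expected, got in audit("app.example.com", "192.0.2.10", sender=not_blocking):
        print(f"{name}: expected {expected}, got {got}")
```

To run it against a real virtual server, call `audit()` with your own host name and address and leave `sender` at its default; an empty result means all three probes behaved as the policy intends.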