
Host Header Poisoning

Here I am showing some of the headers from the request. The Host header contains MALICIOUS/UNWANTED letters before the domain name/host name. How is it possible to block such requests on ASM?

GET /abc/test/framework/web*********** HTTP/1.1
Host: dhbwkf.www.HOSTNAME.com
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

You can use an ASM policy to block invalid Host headers (response from René Geile):

https://devcentral.f5.com/questions/asm-policy-not-blocking-invalid-host-headers-58747

You always need two parts for ASM features:

  • Configure the feature (i.e. define valid Host Headers, define valid methods)

  • Configure Blocking/Learning/Alerting for the violations of the features.

See Security > Application Security > Policy Building > Learning and Blocking Settings.

Section "HTTP Compliance": enable Blocking. Enable all Host header related sub-items in this section (Bad Host Header value, Host header contains an IP address, ...).

Section "Headers": enable "Blocking" for the violation "Illegal methods".

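To make the "Bad Host Header value" / "contains an IP address" / allowed-host-name checks from the answer concrete, here is an added Python example (not ASM's own code and not part of the original answer) that validates a Host header the same way a WAF policy does: parse it, reject IP literals and malformed names, and then require an exact match against an allowlist of the hostnames the application is really served under. The allowlist "www.hostname.com" / "hostname.com" and the sample header values are constructed for this example; "HOSTNAME.com" stands in for the placeholder in the question. It also includes the weak suffix check a practitioner might be tempted to write, to show why it lets the request from the question through.

```python
import ipaddress
import re

# Constructed allowlist (assumption for this example). In ASM this is the policy's
# list of valid host names; here it is the only set of names we will accept.
ALLOWED_HOSTS = {"www.hostname.com", "hostname.com"}

# One DNS label: 1-63 chars of letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_host_header(value):
    """Split a Host header into (host, port). Port is None when absent.
    Raises ValueError for anything that is not 'host[:port]' or '[ipv6][:port]'."""
    value = value.strip()
    if not value:
        raise ValueError("empty Host header")
    if value.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:443
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("garbage after IPv6 literal")
        port = rest[1:] if rest else None
    else:
        host, sep, port = value.partition(":")
        port = port if sep else None
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad port")
    return host, port


def is_ip_literal(host):
    """True for IPv4/IPv6 addresses; a policy that only expects names rejects these."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_syntactically_valid_hostname(host):
    """RFC 1123-style check: total length and per-label character rules."""
    if len(host) > 253:
        return False
    return all(_LABEL.match(label) for label in host.rstrip(".").split("."))


def check_host_header(value, allowed=ALLOWED_HOSTS):
    """Return (ok, reason). Order mirrors the WAF violations: malformed value,
    IP address, then 'not one of the configured host names'."""
    try:
        host, _port = parse_host_header(value)
    except ValueError as exc:
        return False, f"bad host header value: {exc}"
    if is_ip_literal(host):
        return False, "host header contains an IP address"
    if not is_syntactically_valid_hostname(host):
        return False, "bad host header value: not a hostname"
    # Exact match, case-insensitive, trailing dot ignored. No suffix matching:
    # "dhbwkf.www.hostname.com" is a different host and must be rejected.
    if host.rstrip(".").lower() not in allowed:
        return False, "illegal host name"
    return True, "ok"


def suffix_check(value):
    """The weak check to avoid: it accepts any name that merely ends with
    the expected host, including the sample request from the question."""
    return value.lower().endswith("www.hostname.com")


if __name__ == "__main__":
    # Sample Host header values, constructed for this example.
    for sample in ["dhbwkf.www.HOSTNAME.com", "www.HOSTNAME.com", "10.0.0.1",
                   "[::1]:443", "www.hostname.com:99999", "evil_host"]:
        print(f"{sample!r:32} exact-allowlist={check_host_header(sample)} "
              f"suffix_check={suffix_check(sample)}")
```

The point the script makes is the answer to "which Host headers should be defined": list exactly the hostnames the application is legitimately reached by, and configure the policy to match them exactly. A suffix or substring match still accepts "dhbwkf.www.HOSTNAME.com" because it ends with the real hostname, which is the pattern in the question.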
Comments on this Answer
Comment made 2 months ago by MSZ 471

Hi,

Thanks for the response.

Kindly share all the configurable features in ASM. Which Host Headers should be defined?

Comment made 2 months ago by MSZ 471

Please respond.

Configure the feature (i.e. define valid Host Headers, define valid methods)
