Krishnamurali_2
Aug 16, 2017Nimbostratus
Host header match - Http host
I am looking for the Irule for the improper input handing (Host header) Basically application uses the input coming from the Host or X-Forwarded-Host request headers as part of the response without proper validation.the application exhibits this behavior with OR without "?host_header=host" appended to the URL. The host header is simply being used without checks that it contains a valid domain." Solution i am looking for the solution
- Blocking the request when the Host header mismatches domain of the URL being requested.