Krishnamurali_2
Aug 16, 2017

Host header match - Http host

I am looking for an iRule for improper input handling (Host header). Basically, the application uses the input coming from the Host or X-Forwarded-Host request headers as part of the response without proper validation. The application exhibits this behavior with OR without "?host_header=host" appended to the URL. The host header is simply being used without checks that it contains a valid domain. The solution I am looking for:

 

  1. Blocking the request when the Host header mismatches domain of the URL being requested.

5 Replies

    • Krishnamurali_2

      Is there any way we can write it like this?

      when HTTP_REQUEST {
      If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
      }
      }

      But when I execute this, I am getting an error message. Please find it below:

      ule [/Common/hostheader] error: /Common/hostheader:3: error: [undefined procedure: If][If { [HTTP::header exists "abc.com"] } { else { [HTTP::header insert "page not found"] }
      }]

      Please advise.

  • Try this

    when HTTP_REQUEST {
        # Tcl command names are case-sensitive: it must be "if", not "If"
        if { !([HTTP::host] equals "abc.com") } {
            HTTP::respond 404 content "page not found"
        }
    }
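An added example, not part of the original thread: the same Host check extended to an allowlist, with the value normalized (lower-cased, port stripped) before comparison and the X-Forwarded-Host header from the question removed before the request reaches the application. The hostnames are placeholders, and it assumes the BIG-IP is the first proxy the client reaches, so any X-Forwarded-Host it sees is client-supplied.

```tcl
when HTTP_REQUEST {
    # Normalize before comparing: lower-case, and drop any ":port" suffix,
    # so "ABC.com:443" is treated the same as "abc.com".
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Allowlist of names this virtual server is expected to serve
    # (placeholder values, replace with the real site names).
    switch -- $host {
        "abc.com" -
        "www.abc.com" {
            # Expected Host. X-Forwarded-Host is still client-controlled here,
            # so remove it rather than let the application reflect it.
            if { [HTTP::header exists "X-Forwarded-Host"] } {
                HTTP::header remove "X-Forwarded-Host"
            }
        }
        default {
            # Empty or unexpected Host header: log it and reject the request.
            log local0. "Rejected Host '[HTTP::host]' from [IP::client_addr]"
            HTTP::respond 404 content "page not found"
            return
        }
    }
}
```

For a longer list of names, the switch can be replaced by a lookup against a string data group with `class match`.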