iRule to drop connection of invalid host header

Question

I have an issue creating an iRule. I need the iRule to drop the connection at the F5 if the host header is manipulated. I have tried some iRules in Test but the syntax is apparently not correct.

kai_wilke · Answer

Hi ITNINJAWARROIOR,
try the iRule to allow just a few selected HOST-header values to pass through...
when HTTP_REQUEST {
    switch -exact -- [string tolower [HTTP::host]] {
        "www.domain.de" -
        "www.domain.fr" -
        "www.domain.com" {
             Do nothing for white listed HOST-header values...
        }
        default {
             Send 502 response for reuqests with unknown HOST-headers...
            HTTP::respond 502 content "Bad Gateway" "Content-Type" "text/html" "Connection" "close"         
        }
    }
}

Cheers, Kai

Forum Discussion

iRule to drop connection of invalid host header

1 Reply

Recent Discussions

Advise on setting up IRULE

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Access Logs - Invalid Tenant

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

Security headers

err tmm1[24399]: 011f0007:3: http_process_state_prepend - Invalid action:0x107041 clientside

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing