goyogi
Dec 08, 2017
Host header vulnerability
This interesting vulnerability was found with a simple redirect iRule by injecting a bad-actor site as the Host header: the F5 will redirect based on the Host header and not on the host within the URL itself.
when HTTP_REQUEST {
    # Vulnerable as written: [HTTP::host] is whatever the client sent in the
    # Host header, so the redirect target is attacker-controlled.
    HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
curl -H Host:evil.net foobar.com -i
HTTP/1.0 301 Moved Permanently
Location: https://evil.net/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

See this article for more details: https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/
What would you suggest as the best way to mitigate/fix this?
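One way to close this, shown here as an added example rather than code from the original post, is to never echo the client-supplied Host header into the Location header: compare it against an allowlist of hostnames the virtual server actually serves, and fall back to a fixed canonical name (or reject the request) when it does not match. The hostnames foobar.com and www.foobar.com below are placeholders for the real application FQDNs, and the log line is there so unexpected Host values show up in the LTM log.

```tcl
when HTTP_REQUEST {
    # Placeholder allowlist of hostnames this virtual server legitimately serves.
    set allowed_hosts [list "foobar.com" "www.foobar.com"]
    # Placeholder canonical name used when the Host header is not trusted.
    set canonical_host "www.foobar.com"

    # Normalise the client-supplied Host: lowercase and drop any ":port" suffix,
    # so "FooBar.com:80" still matches the allowlist entry "foobar.com".
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    if { [lsearch -exact $allowed_hosts $host] >= 0 } {
        # Known host: redirect to the same name over HTTPS. Only allowlisted
        # values ever reach the Location header, so an injected Host cannot
        # steer the redirect.
        HTTP::respond 301 Location "https://${host}[HTTP::uri]" Connection Close
    } else {
        # Unknown or attacker-supplied Host: log it for detection and send the
        # client to the canonical hostname instead of reflecting the value.
        # Replace the redirect with "HTTP::respond 400" if you prefer to reject.
        log local0.warn "Unexpected Host header '[HTTP::host]' from [IP::client_addr] for [HTTP::uri]"
        HTTP::respond 301 Location "https://${canonical_host}[HTTP::uri]" Connection Close
    }
}
```

With this in place the original test (curl -H Host:evil.net foobar.com -i) gets a Location pointing at www.foobar.com rather than evil.net. For more than a handful of names, keep the allowlist in a string data group and use [class match $host equals hostnames_dg] instead of the inline list so the iRule does not need editing when hosts are added.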