Forum Discussion

Altostratus

May 08, 2017

A way to mitigate CVE-2017-8295

Hello experts, I may be wrong in my approach, but I'm trying to mitigate CVE-2017-8295 by forcing the request to a know fixed host name, (e.g. ). So when another requested host reach my virtual serve...

Cirrocumulus

May 08, 2017

cjunior,

I dont believe this Host Header configuration object works as you believe it should, rather it is a way of telling certain protections of internal/external host names.

Anyway, another option is to create a custom attack signature perhaps? You would want to use the headercontent value to not match the actual host address.

Something like this should work:

headercontent:"Host"; nocase; re2:!"/www.example.com/"; nocase;

See if this helps,

Forum Discussion

A way to mitigate CVE-2017-8295

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

CitrixBleed Mitigation CVE-2023-4966

F5 Distributed Cloud L3-L7 DDoS Mitigation

Mitigating OWASP API Security risks using BIG-IP

Mitigating OWASP API Security Top 10 risks using F5 NGINX App Protect

Open Redirection Mitigation