Drop requests with changes in hostname.
This is the iRule of customer:
when HTTP_REQUEST {
if { not ([string tolower [HTTP::host]] equals "test.bank.com") } {
log local0. "400 [HTTP::host]"
HTTP::respond 400 -version auto content "Bad Request" "Content-Type" "text/html"
}
elseif { not ([string tolower [HTTP::uri]] starts_with "/etest") } {
log local0. "302 [HTTP::host] [HTTP::uri]"
HTTP::respond 302 -version auto Location https://test.bank.com/etest[HTTP::uri]
}
return
}
What happens now with this iRule is that all legitimate requests are being redirectd to https://test.bank.com/etest but they have other uri on the host test.bank.com (ex. test.bank.com/emobile)
According to the customer what they want is when a client changes the host name to for example test2.bank.com, the VIP should not respond with 200 OK. But requests with correct hostname will be passed with correct URI.
That is, requests with test.bank.com/etest will go to test.bank.com/etest or test.bank.com/emobile to test.bank.com/emonile. But requests with test2.bank.com/etest or test.bank2.com/emobile are dropped with a message.
This requirement is for Host Injection vulnerability.
Any advise on what to change on the above iRule?