Forum Discussion

Server_Team_146
Jul 25, 2014

Verify Host Header and request URL match.

I need to verify that the host header associated with the URL request matches. Example: a disgruntled employee wants to wipe out everything on our internal SharePoint. He modifies his host file to say that internal.sharepoint.com = sharepoint.com. SharePoint, for some reason, only seems to care about the host header, so it sends them to the internal site. He logs in and wipes everything. I have no clue on iRules... any help with this, or any idea how to do it differently, would be appreciated. Here's what I have so far, that doesn't work :/

 

when HTTP_REQUEST {
    if { ([HTTPS::host] equals "test.example.com.com")and ([HTTP::header] equals "test.example.com")} {
        HTTP::redirect https://test.example.com
    }
}

 

3 Replies

  • The Host header is one part of the "HTTP request"; there is no "host" info in a header and then another in the "request".

     

    A disgruntled employee can download plugins for Firefox or Chrome and craft whatever headers or requests he needs; no need to mess with their /etc/hosts. If one can wipe out everything when they should not have been allowed to, then that is a bigger issue you have. Your system needs to securely authenticate people, then apply authorization policies so they access just what they need to access...

     

    Unless I totally misunderstood your question, which happens to me often. Sorry.

     

  • Correct. I am misusing the word host header. I mean Host. I can manipulate the host to be whatever I want... therefore, I want to make sure that the Host they're requesting is "sharepoint.com" and not anything else... does that make more sense?

     

    Re: disgruntled employee. Agreed. We don't have a good offloading process, and sometimes the team that disables user accounts/access misses one every once in a while. Our SharePoint environment isn't set up ideally, which is why we're trying to address it via F5.

     

    Thanks for replying!
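
An added example, not part of the original thread or any poster's code: an iRule sketch that enforces the check asked for above, allowing only the expected Host on a given virtual server and refusing request targets that carry their own host. It assumes the rule is attached to the virtual server that should serve only "sharepoint.com" (the name used in the thread).

```tcl
# Added example: Host allow-list for one virtual server.
# Assumption: this virtual server must only ever serve "sharepoint.com".
when HTTP_REQUEST {
    # HTTP::host returns the Host header value, possibly with ":port".
    # Normalise before comparing: drop the port, lower-case, and strip a
    # trailing dot. An empty, missing or IPv6-literal Host does not
    # normalise to the expected name and is refused (fail closed).
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    set host [string trimright $host "."]

    # Origin-form request targets start with "/". Anything else (for
    # example an absolute URI that names its own host) is refused, so the
    # request line can never disagree with the Host header that was checked.
    set target_ok [string match "/*" [HTTP::uri]]

    if { $host ne "sharepoint.com" || !$target_ok } {
        log local0. "Refused request: Host='[HTTP::host]' URI='[HTTP::uri]' client=[IP::client_addr]"
        HTTP::respond 403 content "Forbidden" "Connection" "close"
        return
    }
}
```

The rule only constrains which site name a given virtual server will answer for; as the first reply points out, the Host value is client-controlled, so authentication and authorization on the SharePoint side still decide what a user can do.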