MSZ_221163
Dec 11, 2018

Host Header Poisoning

Here I am showing some of the Headers from the request. The Host Header contains the MALICIOUS/UNWANTED alphabets before domain name/host name. How it is possible to block such requests on ASM?

GET /abc/test/framework/web*********** HTTP/1.1
Host: dhbwkf.
Cache-Control: no-cache
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

1 Reply

  • Hi,

    You can use ASM policy to block invalid host headers: (response from: René Geile)

    https://devcentral.f5.com/questions/asm-policy-not-blocking-invalid-host-headers-58747

    You always need two parts for ASM features:

    • Configure the feature (i.e. define valid Host Headers, define valid methods)

    • Configure Blocking/Learning/Alerting for the violations of the features.

    See Security - Application Security : Policy Building : Learning and Blocking Settings

    Section "HTTP Compliance": Enable blocking. Enable all host header related subitems in this section. (Bad Host Header value, Host header contains an IP address...)

    Section "Headers": Enable "blocking" for violation "illegal methods"
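A stand-alone illustration of the checks that policy enables, written as an added example rather than anything from ASM or the thread: it parses a request head and classifies the Host header the way the HTTP Compliance subitems do (missing, bad value, IP literal), then against an assumed allowlist of valid hostnames (`ALLOWED_HOSTS` is a hypothetical value).

```python
import ipaddress
import re

# Hypothetical allowlist: the names this application is legitimately served under.
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# One DNS label (RFC 1123 style): alphanumerics and hyphens, no leading or trailing hyphen, at most 63 chars.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_request_head(raw):
    """Split a raw HTTP/1.1 request head into its request line and a {lowercased name: value} dict."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if line == "":                              # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify_host(value, allowed=ALLOWED_HOSTS):
    """Return the violation a Host header value would raise, or None if it is acceptable."""
    if not value:
        return "missing host header"
    if value.startswith("["):                       # IPv6 literal such as [::1]:443
        return "host header contains an IP address"
    hostname, _, port = value.partition(":")
    if port and not port.isdigit():
        return "bad host header value"
    try:
        ipaddress.ip_address(hostname)
        return "host header contains an IP address"
    except ValueError:
        pass                                        # not an IP literal, keep checking
    hostname = hostname.lower()
    if hostname.endswith("."):                      # a single trailing dot is the absolute FQDN form
        hostname = hostname[:-1]
    if not hostname or not all(_LABEL.match(label) for label in hostname.split(".")):
        return "bad host header value"
    if hostname not in allowed:
        return "host not in allowlist"
    return None


def check_request(raw, allowed=ALLOWED_HOSTS):
    """Parse a request head and classify its Host header."""
    _, headers = parse_request_head(raw)
    return classify_host(headers.get("host"), allowed)


# Constructed request modelled on the one in the question (Host: dhbwkf.).
SAMPLE_REQUEST = "GET /abc/test/framework/web HTTP/1.1\r\nHost: dhbwkf.\r\nConnection: close\r\n\r\n"
```

Running `check_request(SAMPLE_REQUEST)` on the constructed request returns "host not in allowlist", which is the decision a policy with a defined set of valid hostnames would reach for the header shown in the question.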