Forum Discussion

uni
Mar 23, 2018

ASM policy not blocking invalid host headers

I've been trying to limit access to a specific hostname. I've added the desired host name under Security / Application / Headers / Host Names. The policy is enforcing (e.g. GeoIP blocking is working), but it still allows other host names. The log shows the entries with the unwanted Host header.

 

Any tips? Is there something else I need to turn on?

 

3 Replies

  • uni

    I also removed "HEAD" from the Methods list, but can still use HEAD.

     

    This is v13.1.0.2

     

  • Hi,

     

    You always need two parts for ASM features:

     

    1. Configure the feature (e.g. define valid Host headers, define valid methods).

       

    2. Configure Blocking/Learning/Alerting for the violations of the features.

       

    See Security ›› Application Security : Policy Building : Learning and Blocking Settings.

     

    Section "HTTP Compliance": enable Blocking. Enable all Host-header-related sub-items in this section (Bad Host Header value, Host header contains an IP address, ...).

     

    Section "Headers": enable Blocking for the violation "Illegal method".

     
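A quick way to confirm that both parts of the reply above are in place is to probe the virtual server with requests that should be blocked and one control request that should pass. The script below is an added example for this thread, not code from F5 or from either poster. It assumes an allowed host name of `www.example.com`, an unlisted host `evil.example`, and a virtual server URL passed on the command line; without an argument it does an offline dry run over constructed responses that reproduce what the original poster saw (everything allowed). Detection relies on the text of ASM's default blocking response page and its support ID, which you can then look up in the ASM event log.

```python
"""Probe an ASM-protected virtual server to check that host-name and
method restrictions actually block.  Added example for this thread, not
code from F5 or from the posters.  The target URL, the allowed host name
"www.example.com" and the bad host "evil.example" are assumptions."""
import re
import sys
import urllib.error
import urllib.request

# ASM's default blocking response page is served with HTTP 200 and carries
# this text plus a support ID that can be looked up in the ASM event log.
BLOCK_TEXT = "The requested URL was rejected. Please consult with your administrator."
SUPPORT_ID_RE = re.compile(r"Your support ID is:\s*(\d+)")

# Constructed responses reproducing what the original poster reported:
# every request, including the ones that should be blocked, gets through.
SAMPLE_RESPONSES = [
    (200, "<html><body>welcome</body></html>"),
    (200, "<html><body>welcome</body></html>"),
    (200, "<html><body>welcome</body></html>"),
    (200, ""),  # HEAD: no body, so only the status is available
]


def classify_response(status, body, blocked_statuses=()):
    """Return ("blocked", support_id) for an ASM blocking page, else ("allowed", None).

    blocked_statuses lets you match a customised response page (e.g. {403});
    the default page is a 200, so for body-less HEAD responses the text check
    cannot fire and a distinct status code is the only reliable signal."""
    if status in blocked_statuses:
        return ("blocked", None)
    if BLOCK_TEXT in body:
        m = SUPPORT_ID_RE.search(body)
        return ("blocked", m.group(1) if m else None)
    return ("allowed", None)


def build_probes(allowed_host):
    """One control request that must pass, then three that the policy should
    block once the corresponding violations are set to Block."""
    return [
        {"method": "GET",  "host": allowed_host,   "expect": "allowed"},  # control
        {"method": "GET",  "host": "evil.example", "expect": "blocked"},  # host not in Host Names
        {"method": "GET",  "host": "192.0.2.10",   "expect": "blocked"},  # Host header is an IP
        {"method": "HEAD", "host": allowed_host,   "expect": "blocked"},  # method not allowed
    ]


def send_probe(target_url, method, host, timeout=5):
    """Send one request to the virtual server, overriding the Host header.
    urllib keeps a caller-supplied Host header instead of deriving it from the URL."""
    req = urllib.request.Request(target_url, method=method, headers={"Host": host})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def evaluate(probes, responses, blocked_statuses=()):
    """Pair probes with (status, body) responses.
    Returns (method, host, expected, observed, support_id) per probe."""
    report = []
    for probe, (status, body) in zip(probes, responses):
        observed, sid = classify_response(status, body, blocked_statuses)
        report.append((probe["method"], probe["host"], probe["expect"], observed, sid))
    return report


def failures(report):
    """Probes whose observed outcome differs from the expected one."""
    return [r for r in report if r[2] != r[3]]


if __name__ == "__main__":
    probes = build_probes("www.example.com")  # assumed allowed host name
    if len(sys.argv) > 1:
        # e.g. python asm_probe.py http://203.0.113.10/   (assumed VS address)
        responses = [send_probe(sys.argv[1], p["method"], p["host"]) for p in probes]
    else:
        responses = SAMPLE_RESPONSES  # offline dry run on the constructed data
    for method, host, expected, observed, sid in evaluate(probes, responses):
        flag = "OK " if expected == observed else "BAD"
        print(f"{flag} {method:4} Host: {host:16} expected={expected} "
              f"observed={observed} support_id={sid}")
```

One caveat worth knowing before trusting the HEAD result: ASM's default blocking page is a 200 with the rejection text in the body, and a HEAD response has no body, so a blocked HEAD and an allowed HEAD can look identical to the client. Either give the policy's response page a distinctive status code and pass it as `blocked_statuses`, or confirm the HEAD case from the Illegal method entry in the ASM event log rather than from the response alone.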

  • Hi

     

    I just wanted to add that, as far as I know, defining hostnames in "Headers -> Host Names" only allows you to set the policy in Transparent mode for those specific host names.

     

    It is not used to block traffic destined for those host names. There's no violation saying 'invalid host name'.

     

    Many thanks,

     

    karim