Forum Discussion

dromerot's avatar
dromerot
Icon for Nimbostratus rankNimbostratus
Apr 07, 2021

Disable Host Name Check

Hi,

 

I would like to disable the Host Name check in the security policy. I mean, I would like to allow all Host Name. I've configured a Rapid Deployment Policy (RDP) and I've tried to configure a wildcard as Host Name but it is not possible in the security policy.

 

Is there any way to disable Host Name check?

 

Thanks!

8 Replies

  • Headers > Host Names is not intended to allow/deny some specific Host Name values.

    It is intended to disable security policy protection when specific host name is used.

    If you want to disable checking of Host header go to Policy building --> Learing and blocking settings and disable checks in "HTTP protocol compliance failed" group.

  • Have allowed the hostnames under Headers > Host Names ?

     

    https://support.f5.com/csp/article/K67438310

     

     

    Also for the URL allowed or blocked objects the hostname is not important:

     

     

    https://support.f5.com/csp/article/K74535942

     

     

    Also you may check this:

     

    https://support.f5.com/csp/article/K15473

     

     

     

     

     

    Also can you add a security logging profile under the VIP and provide a screenshot or the error?

  • Hi Nikoolayy1,

     

    I would like to allow any Host Name or disable Host Name checks. I can't add a wildcard as a Host Name. I've attached an screenshot.

     

     

    Thanks!

  • Can you test with different hostnames and a policy set to block and VIP with logging profile, to see if you will get blocked as you may not. In many cases the F5 will just gather a list of the hostnames,

     

    If you get blocked provide screenshot of the violation.

     

     

     

    Just as an info there is an option to learn hostnames automatically "Learning host names automatically

    " but fist see if you are getting blocked.

     

     

    https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/25.html

  • Hi Nikoolayy1,

     

    I would like to disable Host Name checks, as a result, I was thinking to add a wildcard as Host Name, but it's not possible. I would like to allow ANY Host Name. There are not a list of Host Name allowed because all Host Name should be allowed.

     

    When I send requests to a hostname which is not on the allowed list, there is a violation. I think this is the normal behavior. Right?

     

    Thank you very much!

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP

      As Radek metioned I have not seen issues with being blocked by this thing, so this is why F5 has not provided a wildcard option. Better test if you are getting at all and if you see error related to the host header as I provided it before first follow K15473 and if there is something else mention it.

       

      https://support.f5.com/csp/article/K15473

  • Hi Radek, Nikoolayy1,

     

    I have a Suggested Action to Add Valid Host Name to the security policy and I was thinking that if I accept this suggestion, only this Host Name would be allowed.

     

    What does this suggestion means then?

     

     

    Thanks you!!

  • Hello,

     

    If you don't define any host name in policy configuration, then all host names are allowed.

     

    Thanks, Ivan