Hi Tony,
If you create a datagroup (type: string) of legal or illegal HTTP host header values you can use an iRule like this to check the requested Host header value against it. You can also add a check to see that the Host header value isn't an IP address:
when HTTP_REQUEST {
Check the Host against a datagroup of legal host header values
if {not ([matchclass [string tolower [HTTP::host]] equals legal_host_headers_class])}{
HTTP::respond 403 content {Forbidden!}
return
}
Check the Host against a datagroup of illegal host header values
if {[matchclass [string tolower [HTTP::host]] equals illegal_host_headers_class]}{
HTTP::respond 403 content {Forbidden!}
return
}
Check if the Host is an IP address, blank or non-existent
if {not ([string match {*[a-zA-Z]*} [HTTP::host]])}{
HTTP::respond 403 content {Forbidden!}
}
}
Aaron