Jump to content
Welcome to our new Citrix community!

Host header attack


Recommended Posts

Hi!

 

If you don't need the host header in your application just remove  this header for any resquest on the Netscaler. You will need to do a rewrite policy.

Something like this:

 

add rewrite action rw_act_removeHost delete_http_header Host
add rewrite policy rw_pol_removeHost "HTTP.REQ.HEADER(\"Host\").EXISTS" rw_act_removeHost

 

If you need this host header than you need to do a responder policy and check that this header is correct. A good ideea would be to  have a whitelist of hosts that you actually have behind the Netscaler and permit only requests that have the host header in the whitelist.

 

 

thanks!

Link to comment
Share on other sites

  • 4 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...