Manage Host Names

Overview

You can manually add legitimate host names to a security policy, for example, if users can access the application from multiple host names.

Prerequisites

  • Verify any attached application services to ensure proper security after changes are deployed.

  • You need to have a user role of Security Manager or Administrator to manage a WAF policy.

How to manage policy host names

Add allowed host names

Add host names that can legitimately access the policy-protected web application.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click Policies under WAF.

  3. Select the name of the policy.

    A panel for the General Settings opens.

  4. From the panel menu, click Headers.

    The panel displays the Methods tab, which lists the policy’s allowed HTTP methods.

  5. Select the Host Names tab.

  6. Click Create.

    The Host Name Properties panel opens.

  7. In the Name field, type the host name that is used to access the application .

  8. Select the following in the sub-domains field:

    1. Select Include if you also want to use all sub-domains of the specified host name to access the application. The policy matches all FQDNs, and inserts WAF cookies into responses from the sub-domains of the host name.

    2. Select Exclude if only the specified host name can access the application.

  9. Click Save. The changes are saved to the policy, but are not yet deployed to the BIG-IP Next instance.

  10. Click Deploy to deploy changes.

The new host name is now in the Host Names list.

Modify sub-domain settings

Change the sub-domain access settings for an existing host name.

When sub-domains are included The policy matches all FQDNs, and inserts WAF cookies into responses from the sub-domains of the host name.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click Policies under WAF.

  3. Select the name of the policy.

    A panel for the General Settings opens.

  4. From the panel menu, click Headers.

    The panel displays the Methods tab.

  5. Select the Host Names tab.

  6. Click the host name.

    The Host Name Properties panel opens.

  7. From the sub-domains field:

    1. Select Include if you also want to use all sub-domains of the specified host name to access the application. The policy matches all FQDNs, and inserts WAF cookies into responses from the sub-domains of the host name.

    2. Select Exclude if only the specified host name can access the application.

  8. Click Save. The changes are saved to the policy, but are not yet deployed to the BIG-IP Next instance.

  9. Click Deploy to deploy changes.

The sub-domain settings are updated for the host name. You can see the update in the Sub-Domains column of the policy’s Host Names list.

Manage host name violations

You can specify globally how WAF policies handle traffic with known host name violations. For more information about these violations, see Reference: Host name enforcement.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click Policies under WAF.

  3. Select the name of the policy.

    A panel for the General Settings opens.

  4. From the panel menu, click Headers.

    The panel displays the Methods tab.

  5. Select the Host Names tab.

  6. Click Violations.

    The Host Name Violations panel opens.

  7. Modify the policy settings:

    1. Alarm - Sends an alert to the event log that the host name violation was detected in traffic to protected applications.

    2. Alarm & Block - Sends an alert to the event log and blocks traffic that includes the host name violation/p.

    3. Disabled - The policy does not enforce host name violations.

  8. Click Save. The changes are saved to the policy, but are not yet deployed to the BIG-IP Next instance.

  9. Click Deploy to deploy changes.

Resources

Host name management using the policy Editor

Edit the WAF policy JSON declaration directly through the WAF policy editor.