Showing results for 
Search instead for 
Did you mean: 

Host, a very special Header


Host, a very special Header

It seems there are odd cases where changing the Host header is silently not allowed.

I found at least two places where I could NOT change this header before STM forwards a request to a backend:

* http.request.head(url, [ headers ], [ timeout ]) (and I suppose http.request.get()) do not accept a Host header in the optional "headers" argument. This can be a real problem since I guess people use it to craft custom requests.

* http.setHeader("Host", "hostheader") does not rewrite the Host header when it happens in a Request rule of an SSL Decrypting Virtual Server.

Not sure why those limitations. Can someone confirm the problem? Will this be allowed in the future? There are ways to circumvent the issue but it's not as elegant.



Frequent Contributor

Re: Host, a very special Header


Do you have some code samples you can share to illustrate these points?

As an aside, if the functions aren't working as described, I would consider the problems to be bugs, and I would LOVE you to raise a support ticket to get them looked at..


Aidan Clarke
Pulse Secure vADC Product Manager

Re: Host, a very special Header

Thank you for your answer Aidan.

Actually I cannot reproduce those issues when I use a fresh configuration designed to exhibit this behavior. I thought I had looked at all caveats already but it seems I should dig further!

I will get back here once I find the ugly truth about my rules!