In WAF are host headers canonicalized to lower case or should one use something like this?
lower(http.host) eq “example.com”
Ran a few tests myself with chrome and curl and seems like the host header value is always in lower case so lower() shouldn’t be necessary and the comparison value should always to be in lower case.
Correct me if I’m wrong or if there are special cases.
I believe that all host headers should be lowercase, but there is also no harm in leaving the lower() int.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.