Is $http_host dangerous?

jwxie nginx-forum at
Sat May 26 23:00:15 UTC 2012

No one has an answer to my question, so I figured out a solution:,226823,226849#msg-226849

I had to replace `$host` with `$http_host` to get my problem

But is this safe?

It seems like all `$http_host` is doing is to exposed the whole `HOST`
from header.
The explination,213799 here is still
not clear to me...

Someone has any idea why would `$http_host` be more dangerous?

Posted at Nginx Forum:,226866,226866#msg-226866

More information about the nginx mailing list