Is $http_host dangerous?

x7311 nginx-forum at
Sun May 27 22:16:06 UTC 2012

Actually, I should reconsider my position on this after reading this:

I am not sure how nginx reacts to that, but according to you Francis,
you seems to be inline with Chris Shiflett that neither is safe nor
insecure. They are pretty much the same thing. 

Under one circumstances, can you think of a way to exploit when using

Posted at Nginx Forum:,226866,226883#msg-226883

More information about the nginx mailing list