Content Spoofing vulnerability

c0nw0nk nginx-forum at
Fri Aug 11 14:11:10 UTC 2017

blason Wrote:
> Hi Guys,
> We have multiple webservers behind Nginx Reverse Proxy and at one of
> the server we have discovered Content spoofing, the vulnerability is
> patched on Apache but also needs to be patched on Nginx server. 
> I googled a lot but unable to find a relevant information. Can someone
> please suggest the way to mitigate the same on Nginx?
> here is the Apache remediation
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^abc\.biz
> RewriteCond %{HTTP_HOST} !^www\.abc\.biz
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
> RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
> #RewriteRule .* - [F,NS,L]
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"

If your application is vulnerable to those kinds of attacks you should patch
it or get a WAF like Naxsi to prevent them.

As the page shows.

    <?php
    // The request parameter is echoed below without any escaping.
    $name = $_REQUEST['name'];
    ?>
    <h1>Welcome to the Internet!</h1>
    Hello, <?php echo $name; ?>!
    <p>We are so glad you are here!</p>

The page functionality can be tested by making the following GET request to
the page:

Posted at Nginx Forum:,276023,276029#msg-276029
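
An added example, not part of the original thread: the Apache rules quoted above expressed as nginx configuration. The port 80 listeners and the backend address 127.0.0.1:8080 are assumptions, and replacing backend 404 pages with a fixed body goes one step beyond the quoted rules.

```nginx
# Catch-all: a request whose Host header matches no server_name below
# lands here and gets a fixed 404 body; nothing from the request is echoed.
server {
    listen 80 default_server;
    server_name _;
    default_type text/plain;
    return 404 "Page Not Found\n";
}

server {
    listen 80;
    # Only the hostnames the Apache HTTP_HOST conditions allowed.
    server_name abc.biz www.abc.biz;

    # Every 404 generated or intercepted in this server uses the fixed body.
    error_page 404 @notfound;

    # Equivalent of the THE_REQUEST condition: a method of 3-9 capitals,
    # a URI built only from the listed characters, then the protocol.
    # $request holds the original request line as sent by the client.
    if ($request !~ "^[A-Z]{3,9} [a-zA-Z0-9.+_/?=&%,-]+ HTTP/") {
        return 404;
    }

    location / {
        # Assumption: placeholder backend address.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Replace backend 404 pages, which may echo the requested URL,
        # with the fixed text served by @notfound.
        proxy_intercept_errors on;
    }

    location @notfound {
        default_type text/plain;
        return 404 "Page Not Found\n";
    }
}
```

Run `nginx -t` before reloading; the character allow-list rejects any URL containing characters outside the set, so check it against the application's real URLs first.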
