Prevent Arbitrary HTTP Host header in nginx
r at roze.lv
Thu Feb 27 19:51:48 UTC 2020
> Is there a way to prevent Arbitrary HTTP Host header in Nginx? Penetration test has reported accepting arbitrary host headers. Thanks in Advance and I look forward to hearing from you.
You can always define a "catch all" server block with:
    server { listen 80 default_server; return 444; }
(444 is connection close without response)
And then just add valid host names to the other server blocks.
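A check to confirm the catch-all behaves as described once it is deployed, as an added example that is not part of the original post: `probe` sends one request with a chosen Host header and reports whether any HTTP response came back. The stand-in server, the name `www.example.com` and all function names are constructed here so the demo runs offline.

```python
import socket
import threading

def probe(addr, port, host_header, timeout=3.0):
    """Return the HTTP status for one request, or None if the server
    closed the connection without answering (what `return 444` does)."""
    request = (f"GET / HTTP/1.1\r\nHost: {host_header}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    data = b""
    with socket.create_connection((addr, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while b"\r\n" not in data and (chunk := sock.recv(4096)):
                data += chunk
        except (ConnectionResetError, socket.timeout):
            pass  # a reset or a timeout also counts as "no response"
    return int(data.split(b" ", 2)[1]) if data.startswith(b"HTTP/") else None

def accepted_hosts(addr, port, candidates):
    """Host values that received any HTTP response from the server."""
    return [h for h in candidates if probe(addr, port, h) is not None]

def start_stand_in(valid_hosts):
    """Constructed local stand-in for the hardened nginx (not nginx itself):
    200 for names in valid_hosts, silent close for everything else."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                head = b""
                while b"\r\n\r\n" not in head and (chunk := conn.recv(4096)):
                    head += chunk
                hosts = [line.split(b":", 1)[1].strip().decode("latin-1")
                         for line in head.split(b"\r\n")[1:]
                         if line.lower().startswith(b"host:")]
                if len(hosts) == 1 and hosts[0] in valid_hosts:
                    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_stand_in({"www.example.com"})  # constructed valid name
    names = ["www.example.com", "attacker.invalid", "127.0.0.1"]
    print("answered:", accepted_hosts("127.0.0.1", port, names))
```

To test a real deployment, call `accepted_hosts` with your own server's address and port; only the names listed in your `server_name` directives should come back.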