Is $http_host dangerous?
jwxie
nginx-forum at nginx.us
Sat May 26 23:00:15 UTC 2012
No one has an answer to my question, so I figured out a solution:
http://forum.nginx.org/read.php?2,226823,226849#msg-226849
I had to replace `$host` with `$http_host` to get my problem
resolved...
But is this safe?
It seems like all `$http_host` is doing is to exposed the whole `HOST`
from header.
The explination http://forum.nginx.org/read.php?2,213799 here is still
not clear to me...
Someone has any idea why would `$http_host` be more dangerous?
Thanks.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226866,226866#msg-226866
More information about the nginx
mailing list