Content Spoofing vulnerability

blason nginx-forum at forum.nginx.org
Fri Aug 11 06:47:34 UTC 2017


Hi Guys,

We have multiple webservers behind an Nginx reverse proxy, and on one of the
servers we have discovered content spoofing. The vulnerability is patched on
Apache but also needs to be patched on the Nginx server.

I googled a lot but was unable to find any relevant information. Can someone
please suggest a way to mitigate the same on Nginx?

Here is the Apache remediation:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^abc\.biz
RewriteCond %{HTTP_HOST} !^www\.abc\.biz
RewriteRule ^(.*)$ - [L,R=404]
ErrorDocument 404 "Page Not Found"
 
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
#RewriteRule .* - [F,NS,L]
RewriteRule ^(.*)$ - [L,R=404]
ErrorDocument 404 "Page Not Found"

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276023,276023#msg-276023
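
An nginx counterpart to the Apache rules in the post above, as an added example that is not part of the original post: a catch-all server answers 404 for any Host header other than the two allowed names, and the request-line check is applied before proxying. The upstream name `backend`, its address 127.0.0.1:8080 and the listen port 80 are assumptions.

```nginx
# Added example; place inside the http { } context.
# Assumed: Apache backend reachable at 127.0.0.1:8080, plain HTTP on port 80.
upstream backend {
    server 127.0.0.1:8080;
}

# Catch-all: requests whose Host header matches no server_name below
# end up here and get a fixed plain-text 404, so the backend never
# sees (or reflects) an unexpected host name.
server {
    listen 80 default_server;
    server_name _;
    default_type text/plain;
    return 404 "Page Not Found";
}

server {
    listen 80;
    # Exact host names; stricter than the prefix-only Apache patterns
    # ^abc\.biz and ^www\.abc\.biz.
    server_name abc.biz www.abc.biz;

    # Counterpart of the THE_REQUEST condition: $request holds the full
    # original request line. The regex is quoted because it contains braces.
    if ($request !~ "^[A-Z]{3,9} [a-zA-Z0-9.+_/?=&%,-]+ HTTP/") {
        return 404 "Page Not Found";
    }

    location / {
        # Forward the validated host name to the backend.
        proxy_set_header Host $host;
        proxy_pass http://backend;
    }
}
```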


