Prevent Arbitary HTTP Host header in nginx

Kaushal Shriyan kaushalshriyan at gmail.com
Thu Feb 27 18:33:51 UTC 2020


Hi,

Is there a way to prevent Arbitrary HTTP Host header in Nginx? Penetration
test has reported accepting arbitrary host headers. Thanks in Advance and I
look forward to hearing from you.

More Information as below:-
https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/
https://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

Best Regards,

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200228/3313f96b/attachment.htm>


More information about the nginx mailing list