Welcome! Log In Create A New Profile

Advanced

External service interaction DNS

Posted by ash_sap 
External service interaction DNS
February 21, 2020 11:30AM
Running a site using Nginx, as part of vulnerability scanning, we are getting reports of a DNS proxy form of exploit.

Essentially, it is possible to inject DNS lookups as part of the uri, GET request payload or even in Refer section of the HTTP header.

From Nginix perspective, wanted to know, if there is a way to prevent Nginix to attempt to resolve any DNS requests provided as part of URI, HTTP Refer or even User Agent attribute?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 61
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready