Welcome! Log In Create A New Profile

RE: Prevent Arbitary HTTP Host header in nginx

Forum List Message List New Topic Print View

Reinis Rozitis

February 27, 2020 02:52PM

> Is there a way to prevent Arbitrary HTTP Host header in Nginx? Penetration test has reported accepting arbitrary host headers. Thanks in Advance and I look forward to hearing from you.

You can always define "catch all" server block with:

server {
listen 80 default_server;
server_name _;
return 444;
}

(444 is connection close without response)

And then just add valid host names to the other server blocks.

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Prevent Arbitary HTTP Host header in nginx	kaushalshriyan	February 27, 2020 01:36PM
RE: Prevent Arbitary HTTP Host header in nginx	Reinis Rozitis	February 27, 2020 02:52PM
Re: Prevent Arbitary HTTP Host header in nginx	kaushalshriyan	February 28, 2020 02:24AM
RE: Prevent Arbitary HTTP Host header in nginx	Reinis Rozitis	February 28, 2020 02:54AM
Re: Prevent Arbitary HTTP Host header in nginx	kaushalshriyan	February 28, 2020 03:24AM
RE: Prevent Arbitary HTTP Host header in nginx	Reinis Rozitis	February 28, 2020 03:58AM
RE: Prevent Arbitary HTTP Host header in nginx	Reinis Rozitis	February 28, 2020 04:00AM
Re: Prevent Arbitary HTTP Host header in nginx	kaushalshriyan	February 28, 2020 05:00AM
RE: Prevent Arbitary HTTP Host header in nginx	Reinis Rozitis	February 28, 2020 10:40AM
Re: Prevent Arbitary HTTP Host header in nginx	kaushalshriyan	February 28, 2020 12:50PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 244

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018