> Is there a way to prevent arbitrary HTTP Host headers in Nginx? A penetration test has reported accepting arbitrary host headers. Thanks in advance and I look forward to hearing from you.
You can always define a "catch all" server block with:
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }
(444 is a connection close without a response)
And then just add valid host names to the other server blocks.
rr
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
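
The layout described in the reply above, written out as an added example (not part of the original message) and extended to IPv6 and HTTPS listeners. It goes inside the http {} context; example.com, the certificate paths and the web root are placeholders.

```nginx
# Added example. example.com, the certificate paths and the web root
# are placeholders (assumptions), not values from the original post.

# Catch-all for plain HTTP: a request whose Host header matches no
# server_name below lands here and the connection is closed.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

# Catch-all for HTTPS: refuse the TLS handshake when the SNI name is
# missing or matches no server block, so no certificate is needed here
# (ssl_reject_handshake requires nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;
    # Covers a valid SNI name combined with an unknown Host header,
    # which is routed to the default server after the handshake.
    return 444;
}

# Real site: only the host names listed in server_name are served.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    # Redirect to a fixed name rather than echoing the client's Host.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;
    root /var/www/example.com;
}
```

After `nginx -t` and a reload, a request such as `curl -H 'Host: bogus.invalid' http://<server-ip>/` should end with curl's "Empty reply from server", while the listed host names still answer normally.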