Avoiding host header exploit in apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi All,
 I am running Apache 2.4.46 and below is the problem statement.
 system IP: 10.10.10.10
 Client IP: 10.10.10.20
 
When I make a request like curl -vk 'https://10.10.10.10' -H "Host: badsite.com", its redirecting to "https://badsite.com/start.html", instead of redirecting to "https://10.101.10.10/start.html".
Server is not configured with any domain names, so I cant use ServerName and UseCanonicalName directives to address the issue properly.

Pls help me, how to check the Host header to listening address and take corrective action.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux