Re: Avoiding host header exploit in apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Daniel for response. 
Will check and try this.


On Sat, Aug 28, 2021 at 4:17 AM Daniel Ferradal <dferradal@xxxxxxxxxx> wrote:
Define servername with the ip if necessary and do not use RewriteRules
which use %{HTTP_HOST} variable, specify your ip/host manually in the
rewrite.

El vie, 27 ago 2021 a las 10:42, alchemist vk
(<alchemist.vk@xxxxxxxxx>) escribió:
>
> Hi All,
>  I am running Apache 2.4.46 and below is the problem statement.
>  system IP: 10.10.10.10
>  Client IP: 10.10.10.20
>
> When I make a request like curl -vk 'https://10.10.10.10' -H "Host: badsite.com", its redirecting to "https://badsite.com/start.html", instead of redirecting to "https://10.101.10.10/start.html".
> Server is not configured with any domain names, so I cant use ServerName and UseCanonicalName directives to address the issue properly.
>
> Pls help me, how to check the Host header to listening address and take corrective action.
>
>


--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux