Vulnerability Fixation
Host Header Attack

Vulnerability

What is the Host header?

It is normal practice for a single web server to host multiple sites or web applications on the same IP address. The Host header determines which site or web application should process an incoming HTTP request.

The web server uses the value of the Host header to dispatch the request to the appropriate site or web application. Each web application served from the same IP address is commonly referred to as a virtual host.

Many web applications rely on the HTTP Host header to determine their own location (for example, when building absolute URLs). What many application administrators do not realize is that the HTTP Host header is entirely under the client's control, so trusting it unchecked introduces a number of risks and attack vectors, namely:

  • password reset poisoning
  • cache poisoning
  • access to other internal hosts/applications
  • XSS

Example requests (the first is a legitimate request; in the second the client has supplied a Host value of its own choosing):

GET /index.html HTTP/1.1
Host: example.com

GET /index.html HTTP/1.1
Host: evil.com

Solution:
  • Reject any request whose Host header does not match the intended domain.
  • Validate the Host header to ensure the request is addressed to the expected host.
  • Mitigate Host header injection in Apache and Nginx by creating a dummy (catch-all) virtual host that receives requests with unrecognized Host headers, so they never reach a real application.
  • Create a whitelist of trusted domains during initial application setup and check the Host header value of every incoming request against it.
  • It is recommended to disable support for the X-Forwarded-Host header; if it cannot be disabled, enforce strict validation of its value to prevent tampering.
  • Use a secure server configuration.
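The whitelist check and the strict X-Forwarded-Host validation described above, as an added example that is not part of the original page; the trusted host names, allowed ports and sample requests are constructed for illustration.

```python
# Added example (not from the original page): allowlist validation of the
# client-controlled Host header, plus strict validation of X-Forwarded-Host.
import re

# Constructed allowlist: the host names this application is really served under.
TRUSTED_HOSTS = {"example.com", "www.example.com"}
# Ports the deployment legitimately listens on (None = no port given).
ALLOWED_PORTS = {None, 80, 443}

# Strict shape: one host (DNS name or bracketed IPv6) and an optional port.
# No whitespace, no "user@", no second colon for a DNS name.
_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(\d{1,5}))?$", re.IGNORECASE)


def is_trusted_host(host_value):
    """Return True only if host_value names an allowlisted host and port."""
    if host_value is None:
        return False
    m = _HOST_RE.match(host_value.strip())
    if not m:
        return False  # anything that does not parse strictly is rejected
    host = m.group(1).lower().rstrip(".")  # normalise case and trailing dot
    port = m.group(2)
    if port is not None and int(port) not in ALLOWED_PORTS:
        return False
    return host in TRUSTED_HOSTS


def check_request(headers):
    """Decide whether a request may be dispatched, from its header mapping.

    Assumes header names are already canonicalised (e.g. "Host").
    Returns (accepted, reason). Default is deny, like a catch-all vhost.
    """
    if not is_trusted_host(headers.get("Host")):
        return False, "Host header not in allowlist"
    # If X-Forwarded-Host cannot be disabled, hold it to the same allowlist
    # so a proxy-style header cannot smuggle in an attacker-chosen host.
    fwd = headers.get("X-Forwarded-Host")
    if fwd is not None and not is_trusted_host(fwd):
        return False, "X-Forwarded-Host not in allowlist"
    return True, "ok"
```

Whatever accepts the request should also be the only source of the host name used when building absolute URLs (password reset links, redirects), so a rejected or unvalidated value is never echoed back.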
