You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -10,7 +10,7 @@ Spoofing of this header, may leads to a variety of problems, from phishing to SS
Most of the time it's a result of using `$http_host` variable instead of `$host`.
And they are quite different:
*`$http` - host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request;
*`$host` - host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request;
*`$http_host` - "Host" request header.
Config sample:
Expand All
@@ -29,4 +29,4 @@ Luckily, all is quite obvious:
## Additional info
*[Host of Troubles Vulnerabilities](https://hostoftroubles.com/)
