คือผมทำเว็บไซต์อยู่เว็บนึง เสร็จแล้วเอาไป Scan ด้วย acunetix มันฟ้องว่า Host header attack ผมไม่เคยเจอแล้วก็ไม่รู้ต้องแก้ยังไง จนปัญญามากๆ
ไม่รู้ว่าเกี่ยวกับ Host หรืออะไรยังไงด้วยไม๊ ผมขอความกรุณา ผู้ที่รู้ ช่วยแชร์วิธีแก้ไขหน่อยนะคับ ขอบคุณล่วงหน้าคับ
[B]Description[/B]
An attacker can manipulate the Host header as seen by the web application and cause the application to behave in
unexpected ways. Developers often resort to the exceedingly untrustworthy HTTP Host header
(_SERVER[“HTTP_HOST”] in PHP). Even otherwise-secure applications trust this value enough to write it to the page
without HTML-encoding it with code equivalent to:
<link href=“http://_SERVER[‘HOST’]” (Joomla)
…and append secret keys and tokens to links containing it:
<a href=“http://_SERVER[‘HOST’]?token=topsecret”> (Django, Gallery, others)
…and even directly import scripts from it:
<script src=“http://_SERVER[‘HOST’]/misc/jquery.js?v=1.4.4”> (Various)
[B]Impact[/B]
An attacker can manipulate the Host header as seen by the web application and cause the application to behave in
unexpected ways.
[B]Recommendation[/B]
The web application should use the SERVER_NAME instead of the Host header. It should also create a dummy vhost
that catches all requests with unrecognized Host headers. This can also be done under Nginx by specifying a
non-wildcard SERVER_NAME, and under Apache by using a non-wildcard serverName and turning the
UseCanonicalName directive on. Consult references for detailed information.