"$host" holds the described value, not "$http"
pull/30/head
Bernd Eidenschink 2017-05-11 16:07:28 +02:00 committed by Andrew Krasichkov
parent 11ebf7dbb4
commit a21d887dbe
1 changed files with 2 additions and 2 deletions

@ -10,7 +10,7 @@ Spoofing of this header, may leads to a variety of problems, from phishing to SS
Most of the time it's a result of using `$http_host` variable instead of `$host`.
And they are quite different:
* `$http` - host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request;
* `$host` - host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request;
* `$http_host` - "Host" request header.
Config sample:
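Review bot: In the variable list, the corrected `$host` bullet writes the header name with typographic quotes (“Host”) while the `$http_host` bullet directly below uses straight quotes ("Host"); use one style so the two entries being contrasted read consistently. Because the list exists to show that the two variables are "quite different", the `$http_host` bullet could also be worded in parallel with the `$host` one, for example as the "Host" request header field taken as the client sent it, which makes the contrast with the precedence order explicit. The sentence in the hunk header context ("Spoofing of this header, may leads to") also has a stray comma and "may leads", which could be fixed in the same pass.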
@ -29,4 +29,4 @@ Luckily, all is quite obvious:
## Additional info
* [Host of Troubles Vulnerabilities](https://hostoftroubles.com/)
* [Practical HTTP Host header attacks](http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html)
* [Practical HTTP Host header attacks](http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html)
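Review bot: The final entry of the link list appears twice with identical visible text, so this part of the change is whitespace or end-of-file only, and the commit message, which only describes the `$host` correction, does not mention it. Either note the whitespace change in the commit message or move it to a separate commit, so the one-word documentation fix stays easy to review on its own.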