HOST Header風險研究參考文章

 HTTP Host Header Attack: Explanation and Examples
https://crashtest-security.com/invalid-host-header/

HTTP Header Injection
https://security.snyk.io/vuln/SNYK-PHP-CODEIGNITERFRAMEWORK-70370

Configuring Apache to avoid common vulnerabilities in web applications
https://medium.com/prod-io/configuring-apache-to-avoid-common-vulnerabilities-in-web-applications-65a213c07fd3


HTTP Cache Poisoning via Host Header Injection
https://carlos.bueno.org/2008/06/host-header-injection.html

浅谈“HTTP Host头攻击”
https://blog.csdn.net/weixin_39934520/article/details/107916067
https://codeantenna.com/a/vawP9rlpLe

Apache remove X-Forwarded-For completely
https://serverfault.com/questions/899405/apache-remove-x-forwarded-for-completely

Is there a way to remove apaches Reverse Proxy Request Headers?
https://stackoverflow.com/questions/7312215/is-there-a-way-to-remove-apaches-reverse-proxy-request-headers

X-Forwarded-Host vs. x-Forwarded-Server
https://stackoverflow.com/questions/43689625/x-forwarded-host-vs-x-forwarded-server

利用HTTP Host header頭攻擊技術詳解
https://www.fujieace.com/hacker/http-host-header.html

PHP $_SERVER['SERVER_NAME'] 與$_SERVER['HTTP_HOST'] 的差異
https://www.jishuchi.com/read/php-interview/2692

How to prevent host header injection in apache
https://infinitbility.com/how-to-prevent-host-header-injection-in-apache/

PHP無法在$_SERVER內取得自訂header
https://kingfff.blogspot.com/2017/05/apache-php-header-server-invalid-characters-underscores.html

[PHP] $_server
https://nknuahuang.wordpress.com/2016/10/27/php-_server/

PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the manual pages correctly?
https://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma

PHP 中 $_SERVER 的 SERVER_NAME 与 HTTP_HOST
https://www.jianshu.com/p/155b52960ad8

[PHP]使用$_SERVER擷取網址個別值
https://dotblogs.com.tw/jhsiao/2015/07/27/151960

使用$_SERVER['HTTP_HOST']时需注意的
https://blog.51cto.com/u_15335877/3502794

資安議題 — Http Security Header
https://medium.com/%E7%A8%8B%E5%BC%8F%E6%84%9B%E5%A5%BD%E8%80%85/%E9%97%9C%E6%96%BC%E5%AE%89%E5%85%A8%E6%80%A7%E7%9A%84header-b3b7adcb0fca

HTTP Host Header 資安弱點
https://blog.darkthread.net/blog/host-header-vulnerability/

HTTP的HOST Header被濫用之問題
https://slashview.com/archive2015/20150107.html

HTTP Host 头攻击 -- 学习笔记
https://blog.csdn.net/angry_program/article/details/109034421

網站程式開發的注意事項,關於資訊安全與修補方式....陸續補充 (ASP.Net)
https://sweeteason.pixnet.net/blog/post/41779906-%E7%B6%B2%E7%AB%99%E7%A8%8B%E5%BC%8F%E9%96%8B%E7%99%BC%E7%9A%84%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A0%85%EF%BC%8C%E9%97%9C%E6%96%BC%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E8%88%87%E4%BF%AE



留言

這個網誌中的熱門文章

何謂淨重(Net Weight)、皮重(Tare Weight)與毛重(Gross Weight)

Architecture(架構) 和 Framework(框架) 有何不同?_軟體設計前的事前規劃的藍圖概念

經得起原始碼資安弱點掃描的程式設計習慣培養(五)_Missing HSTS Header