HOST Header風險研究參考文章

 HTTP Host Header Attack: Explanation and Examples

https://crashtest-security.com/invalid-host-header/

HTTP Header Injection

https://security.snyk.io/vuln/SNYK-PHP-CODEIGNITERFRAMEWORK-70370

Configuring Apache to avoid common vulnerabilities in web applications

https://medium.com/prod-io/configuring-apache-to-avoid-common-vulnerabilities-in-web-applications-65a213c07fd3

HTTP Cache Poisoning via Host Header Injection

https://carlos.bueno.org/2008/06/host-header-injection.html

浅谈“HTTP Host头攻击”

https://blog.csdn.net/weixin_39934520/article/details/107916067

https://codeantenna.com/a/vawP9rlpLe

Apache remove X-Forwarded-For completely

https://serverfault.com/questions/899405/apache-remove-x-forwarded-for-completely

Is there a way to remove apaches Reverse Proxy Request Headers?

https://stackoverflow.com/questions/7312215/is-there-a-way-to-remove-apaches-reverse-proxy-request-headers

X-Forwarded-Host vs. x-Forwarded-Server

https://stackoverflow.com/questions/43689625/x-forwarded-host-vs-x-forwarded-server

利用HTTP Host header頭攻擊技術詳解

https://www.fujieace.com/hacker/http-host-header.html

PHP $_SERVER['SERVER_NAME'] 與$_SERVER['HTTP_HOST'] 的差異

https://www.jishuchi.com/read/php-interview/2692

How to prevent host header injection in apache

https://infinitbility.com/how-to-prevent-host-header-injection-in-apache/

PHP無法在$_SERVER內取得自訂header

https://kingfff.blogspot.com/2017/05/apache-php-header-server-invalid-characters-underscores.html

[PHP] $_server

https://nknuahuang.wordpress.com/2016/10/27/php-_server/

PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the manual pages correctly?

https://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma

PHP 中 $_SERVER 的 SERVER_NAME 与 HTTP_HOST

https://www.jianshu.com/p/155b52960ad8

[PHP]使用$_SERVER擷取網址個別值

https://dotblogs.com.tw/jhsiao/2015/07/27/151960

使用$_SERVER['HTTP_HOST']时需注意的

https://blog.51cto.com/u_15335877/3502794

資安議題 — Http Security Header

https://medium.com/%E7%A8%8B%E5%BC%8F%E6%84%9B%E5%A5%BD%E8%80%85/%E9%97%9C%E6%96%BC%E5%AE%89%E5%85%A8%E6%80%A7%E7%9A%84header-b3b7adcb0fca

HTTP Host Header 資安弱點

https://blog.darkthread.net/blog/host-header-vulnerability/

HTTP的HOST Header被濫用之問題

https://slashview.com/archive2015/20150107.html

HTTP Host 头攻击 -- 学习笔记

https://blog.csdn.net/angry_program/article/details/109034421

網站程式開發的注意事項，關於資訊安全與修補方式....陸續補充 (ASP.Net)

https://sweeteason.pixnet.net/blog/post/41779906-%E7%B6%B2%E7%AB%99%E7%A8%8B%E5%BC%8F%E9%96%8B%E7%99%BC%E7%9A%84%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A0%85%EF%BC%8C%E9%97%9C%E6%96%BC%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E8%88%87%E4%BF%AE