Hello! On Thu, Apr 14, 2022 at 10:56:58AM -0400, Jeffrey Walton wrote:
> Hi Everyone, > > I'm examining a webapp which had a scan looking for security related > errata and vulnerabilities. The app is hosted on Google Cloud (GPC) > and the webserver is Nginx. Only the app was scanned. GPC and Nginx > were not scanned. > > The scan produced an interesting finding I have not seen before. The > finding is, a HTTP Request using a fake Host: header produces a DNS > lookup. I think the concern is a DNS amplification attack (or maybe > just some extra traffic). > > I think this is how the errata or attack works. Below, theHost: header > is different from the hostname at the TLS layer. > > echo -e "GET / HTTP/1.1\r\nHost:www.fake-example.com\r\n\r\n" | \ > openssl s_client -connect www.example.com:443 -servername www.example.com > > My question is, is Nginx expected to perform a lookup for > www.fake-example.com? No (unless you've configured nginx to do so). -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
