Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
6
6
655362015-10-27 20:17:38
PHP
65536, 2015-10-27 20:17:38

Is there an alternative to HTTP_HOST without hardcoding?

Here is a good description of the problem habrahabr.ru/post/166855 and two solutions, one with setting allowed hosts in php, the second in general in nginx configs.
Maybe there are other options? The goal is to get rid of the hole and additional rituals when transferring to another host

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Alexander Aksentiev, 2015-10-27
@Sanasol

Don't use http_host in scripts?

Report
D
Dmitry Evgrafovich, 2015-10-27
@Tantacula

I may have missed something or did not understand, please explain. Here I collect statistics on visits and http_host, like all other data, is written to the database through pdo or orm, which uses the same pdo. How does the attacker implement the injection?

Similar questions
N
nickostyle2014-04-22 13:05:16
Is it possible to repost from social networks to the site? 9Reply
W
w_b_x2018-02-13 22:15:51
How is the user's session properly checked? 1Reply
U
uuuu2021-06-17 22:39:13
How to connect once to the database? 18Reply
T
tokyodead2021-06-18 10:46:18
Can you help with a PHP function? 3Reply
A
Alexander2018-02-14 13:02:04
How not to load a page from the cache? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question