網頁安全

 

HTTP Host Header Injection

在 .htaccess 中

<IfModule mod_headers.c>

Header unset X-Forwarded-Host

</IfModule>

    RewriteEngine on

    RewriteCond %{HTTP_HOST} !^www.aaa.com [NC]

    #RewriteCond %{HTTP_HOST} !^(www.aaa.com|abcdef.com)$ [NC]

    RewriteCond %{REQUEST_URI} !^/error [NC]

    RewriteRule ^.(.*) - [L,F]