You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2011/08/29 23:00:51 UTC
[Httpd Wiki] Update of "InvalidHost" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "InvalidHost" page has been changed by thumbs:
http://wiki.apache.org/httpd/InvalidHost
New page:
= Rejecting clients with an invalid Host: header =
This short article describes how to use mod_security to block HTTP clients with a broken or missing Host: header. The IfModule lines are not mandatory.
<IfModule mod_security2.c><<BR>>
SecAuditEngine Off<<BR>>
SecRuleEngine On<<BR>>
SecRule REQUEST_METHOD "^((?:connect|trace))$" "log,drop,phase:1"<<BR>>
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "log,drop,phase:1"<<BR>>
SecRule &REQUEST_HEADERS:Host "@eq 0" "log,drop,phase:1"<<BR>>
SecRule REQUEST_HEADERS:User-Agent "^$" "log,drop,phase:1"<<BR>>
SecRule REQUEST_HEADERS:Host "^$" "log,drop,phase:1"<<BR>>
</IfModule><<BR>>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org