Tagged articles

host-header

9 articles · Page 1 of 1
ITPUB
Jun 10, 2026 · Operations

Avoidable P1 Outage: How Nginx Changes Caused All Gateway Requests to Return 400

A production change replaced two Nginx reverse‑proxy servers, introduced an upstream name containing an underscore, broke the Host header required by HTTP/1.1, and caused Spring Cloud Gateway to return 400 Bad Request for every request until the configuration was corrected.

400-bad-request · HTTP · NGINX
0 likes · 16 min read
dbaplus Community
May 1, 2026 · Operations

Why a Simple Nginx Change Made All Gateway Requests Return 400 (And How to Fix It)

A production incident caused by replacing two Nginx reverse proxies introduced an upstream name with an underscore, resulting in invalid Host headers and 400 Bad Request responses from Spring Cloud Gateway; the article details the step‑by‑step investigation, evidence from logs, tcpdump, and code, and presents configuration fixes to restore normal operation.

HTTP 400 · NGINX · SRE
0 likes · 15 min read
Xiao Liu Lab
Oct 24, 2025 · Information Security

How to Secure Nginx Against Host Header Attacks with Simple Config

This article explains why the HTTP Host header is unsafe, demonstrates how attackers can hijack password‑reset links or launch SSRF by forging it, and provides three practical Nginx configuration methods to strictly validate Host values and block malicious requests.

NGINX · Password reset hijack · host-header
0 likes · 7 min read
Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE‑2024‑34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Vulnerability Exploitation · host-header
0 likes · 11 min read
macrozheng
Jul 22, 2023 · Fundamentals

Why Direct IP Access Fails: The Hidden Role of the Host Header in HTTPS

Although you can obtain a website’s IP address, accessing it directly via HTTPS often fails because the HTTP request’s Host header differs, and servers use this header to verify the intended domain, leading to 403 errors unless the correct Host value is supplied.

HTTP · HTTPS · IP address
0 likes · 5 min read
Liangxu Linux
Jul 18, 2023 · Fundamentals

Why Direct IP Access Fails: The Role of the Host Header

The article explains why visiting a website by its IP address often results in errors, showing that the HTTP Host header differs from domain‑based requests, and demonstrates this with Fiddler and Postman experiments using Baidu as an example.

DNS · HTTP · HTTPS
0 likes · 4 min read
System Architect Go
Mar 6, 2021 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.

HTTP · Vulnerability · cache poisoning
0 likes · 26 min read
dbaplus Community
Mar 22, 2017 · Operations

Why Nginx Returns 400 Bad Request and How to Fix It

This article walks through a real‑world Nginx 400 Bad Request incident, explaining how missing or malformed Host headers and added proxy headers caused the error, and provides step‑by‑step diagnostics, configuration comparisons, and the final fix of using the correct $host variable.

400-bad-request · NGINX · host-header
0 likes · 13 min read