Tagged articles
8 articles
dbaplus Community
May 1, 2026 · Operations

Why a Simple Nginx Change Made All Gateway Requests Return 400 (And How to Fix It)

Replacing two Nginx reverse proxies in production introduced an upstream name containing an underscore, which resulted in invalid Host headers and 400 Bad Request responses from Spring Cloud Gateway. The article details the step‑by‑step investigation, with evidence from logs, tcpdump, and code, and presents configuration fixes to restore normal operation.

HTTP 400 · Host header · Nginx
0 likes · 15 min read
Xiao Liu Lab
Oct 24, 2025 · Information Security

How to Secure Nginx Against Host Header Attacks with Simple Config

This article explains why the HTTP Host header is unsafe, demonstrates how attackers can hijack password‑reset links or launch SSRF by forging it, and provides three practical Nginx configuration methods to strictly validate Host values and block malicious requests.

Host header · Nginx · Password reset hijack
0 likes · 7 min read
macrozheng
Jul 22, 2023 · Fundamentals

Why Direct IP Access Fails: The Hidden Role of the Host Header in HTTPS

Although you can obtain a website’s IP address, accessing it directly via HTTPS often fails because the HTTP request’s Host header differs, and servers use this header to verify the intended domain, leading to 403 errors unless the correct Host value is supplied.

HTTP · HTTPS · Host header
0 likes · 5 min read
Liangxu Linux
Jul 18, 2023 · Fundamentals

Why Direct IP Access Fails: The Role of the Host Header

The article explains why visiting a website by its IP address often results in errors, showing that the HTTP Host header differs from domain‑based requests, and demonstrates this with Fiddler and Postman experiments using Baidu as an example.

DNS · HTTP · HTTPS
0 likes · 4 min read
System Architect Go
Mar 6, 2021 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.

HTTP · Host header · SSRF
0 likes · 26 min read
dbaplus Community
Mar 22, 2017 · Operations

Why Nginx Returns 400 Bad Request and How to Fix It

This article walks through a real‑world Nginx 400 Bad Request incident, explaining how missing or malformed Host headers and added proxy headers caused the error, and provides step‑by‑step diagnostics, configuration comparisons, and the final fix of using the correct $host variable.

400 Bad Request · Host header · Nginx
0 likes · 13 min read