【Host Header】What Is An HTTP Host Header Injection?
Mar 07, 2022
To understand host header injection, we must first look at what a host header is, how it works, and how it can be manipulated to inject malicious content, poison web caches, reset passwords, and more.
Here’s what you need to know about the host header and this injection attack!
Table of contents
What is an HTTP Host header?
What is the function of the HTTP Host header?
What are Host header injections?
Web cache poisoning
Password reset poisoning
Host header injection vulnerabilities
How to prevent Host header attacks?
FAQs
The HTTP host header is a request header that specifies the domain that a client (browser) wants to access. This header is necessary because it is common for a server to host multiple websites and applications at the same IP address, and the server does not automatically know which of them a request is meant for.
When the server receives a request, it checks the host header to determine which domain needs to process the request and then dispatches it. Sometimes the header may be amended while the request is being routed to the appropriate domain. That is where host header injection may occur.
Many websites are hosted on one IP address partly because of the exhaustion of IPv4 addresses and partly because of the popularity of cloud hosting.
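The dispatch step described above, as an added example that is not code from the original article: a minimal Python router that picks a backend from the Host header and refuses any request whose Host is missing, duplicated, malformed or not in a configured list. The host names, backend labels and sample requests are constructed for illustration.

```python
# Added example: Host-based dispatch with strict validation.
# ALLOWED_HOSTS and the sample requests are constructed, not from the article.
ALLOWED_HOSTS = {
    "shop.example.com": "shop-app",
    "blog.example.com": "blog-app",
}

def parse_headers(raw: bytes):
    """Return (name, value) pairs from the header block of a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        # Reject lines without a colon and names padded with whitespace
        # (an indented "Host:" line is parsed differently by different servers).
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return headers

def route(raw: bytes):
    """Return (status, backend); backend is None whenever the request is refused."""
    try:
        headers = parse_headers(raw)
    except ValueError:
        return 400, None
    hosts = [value for name, value in headers if name == "host"]
    if len(hosts) != 1:  # missing or duplicated Host is ambiguous
        return 400, None
    name, _, port = hosts[0].lower().partition(":")
    if port and not port.isdigit():
        return 400, None
    backend = ALLOWED_HOSTS.get(name)
    if backend is None:  # unknown host: refuse, never fall back to a default site
        return 400, None
    return 200, backend

SAMPLES = {  # constructed requests
    "valid": b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n",
    "unknown": b"GET / HTTP/1.1\r\nHost: attacker.example\r\n\r\n",
    "duplicate": b"GET / HTTP/1.1\r\nHost: shop.example.com\r\nHost: attacker.example\r\n\r\n",
    "indented": b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n Host: attacker.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, route(raw))
```

An application behind this router should build absolute URLs from the configured host name it was matched to, not from the raw header value.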
There are two main ways multiple