At $dayjob I am seeing a lot of users running scans that flag any HTTP response that incorporates the Host header into the response as "vulnerable", even if the host is syntactically valid.
AIUI the standard solution is to create a default NVH for each host:port combo to trap unknowns and use it to return an error. But this is a lot of work.

Rewrite has its own baggage (add it globally, add it to each VH, add it before other rewrites).

(Things like proxy and CGI/PHP mean UseCanonicalName is insufficient.)

Nothing currently crawls all ServerName/ServerAlias, because we always select the best IP-based match first, then compare strings from the result.

Is anyone else interested in another way to configure this? Would you want to crawl all ServerName/ServerAlias when enabled, or pass in a separate whitelist to a new directive? With the latter, you could at least make sure the e.g. *.example.com showed up without checking the gory details.

--
Eric Covener
cove...@gmail.com
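
The default name-based virtual host approach mentioned in the message above, as an added example that is not part of the original post: the host names, the address 192.0.2.10 and the paths are placeholders, and Apache 2.4 authorization syntax is assumed.

```apache
# Constructed example; every name, address and path here is a placeholder.
# For name-based virtual hosts, httpd falls back to the first <VirtualHost>
# listed for an address:port when no ServerName/ServerAlias matches the
# request's Host header, so the trap must come first for each combination.

# Trap for *:80: any unrecognised Host gets 403 instead of being reflected.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Real site on *:80, matched by ServerName or by the wildcard alias.
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias *.example.com
    DocumentRoot "/var/www/example"
</VirtualHost>

# The trap has to be repeated for every other address:port combination,
# which is the per-combination work the message refers to.
<VirtualHost 192.0.2.10:8080>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost 192.0.2.10:8080>
    ServerName app.example.com
    DocumentRoot "/var/www/app"
</VirtualHost>
```

Running `apachectl -S` prints the parsed virtual host table and marks which entry is the default server for each address:port, which confirms that each trap is actually first.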