Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "InvalidHost" page has been changed by thumbs: http://wiki.apache.org/httpd/InvalidHost New page: = Rejecting clients with an invalid Host: header = This short article describes how to use mod_security to block HTTP clients with a broken or missing Host: header. The IfModule lines are not mandatory. <IfModule mod_security2.c><<BR>> SecAuditEngine Off<<BR>> SecRuleEngine On<<BR>> SecRule REQUEST_METHOD "^((?:connect|trace))$" "log,drop,phase:1"<<BR>> SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "log,drop,phase:1"<<BR>> SecRule &REQUEST_HEADERS:Host "@eq 0" "log,drop,phase:1"<<BR>> SecRule REQUEST_HEADERS:User-Agent "^$" "log,drop,phase:1"<<BR>> SecRule REQUEST_HEADERS:Host "^$" "log,drop,phase:1"<<BR>> </IfModule><<BR>> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
