> On Mar 5, 2018, at 7:48 AM, Jeremy Payne <[email protected]> wrote: > > Is it safe to conclude that in terms of request routing, that this CVE > only applies to proxies in forward proxy mode ? Or rather forward > proxies that parse the host header to determine next hop ? > In reverse proxy mode, where remap rules are explicitly defined, then > a request either matches a remap or the request is denied. > > Please advise.
If I recall, this can be used in any proxy mode. A well crafted request could for example cause an origin or different upstream parent, to look at the wrong host header, which could be bad if that origin handles different hosts differently. — leif
