How to prevent "Host header attack" ?
Hi,
My VestaCP server seems to be used to make requests known as "Host header attack".
Someone is launching hundreds of requests to nonexistent subdomains of a real hosted domain.
Here is an example of a request:
server.domain.net - - [04/May/2020:13:56:22 +0200] "GET /license?api_key=<snip>&username=Me_website&uuid=793b341d-ca63-411a-beca-c4cadfbfc512&database=mysql&revolution_version=Revolution-2.7.3-pl&supports=Revolution-2.7.3-pl&http_host=inexistantsubdomain.existantdomain.net&php_version=7.2.24-0ubuntu0.18.04.4&language=fr&key=35a947f2465a1d5cac32d01952dfac66&package=agenda HTTP/1.1" 200 429 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)"
I'm looking for the best way to correct this by manipulating Content-Security-Policy inside the /etc/apache2/conf.d/92.xxx.bbb.69.conf file, but I don't know which rule to use...
Does someone know how to do this?
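A log triage sketch for the requests described in the post above, added here as an example and not part of the original post: it reads Apache combined-format lines and tallies, per client, every `http_host` query value that is not a hostname the server actually hosts. The `HOSTED` set, the function names and the shortened sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: hostnames really served by this box (fill in from your vhost list).
HOSTED = {"existantdomain.net", "www.existantdomain.net"}

# Apache combined log: client ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def claimed_host(line):
    """Return (client, http_host value) for a log line, or None if absent."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    values = parse_qs(urlsplit(m.group("target")).query).get("http_host")
    if not values:
        return None
    # Normalise case and a trailing dot so "Foo.NET." compares equal to "foo.net".
    return m.group("client"), values[0].strip().lower().rstrip(".")

def unknown_hosts(lines, hosted=HOSTED):
    """Count requests per (client, claimed host) where the host is not hosted."""
    counts = Counter()
    for line in lines:
        hit = claimed_host(line)
        if hit and hit[1] not in hosted:
            counts[hit] += 1
    return counts

# Constructed sample lines, shortened from the shape of the request in the post.
SAMPLE = [
    'server.domain.net - - [04/May/2020:13:56:22 +0200] "GET /license?username=Me_website'
    '&http_host=inexistantsubdomain.existantdomain.net&language=fr HTTP/1.1" 200 429 "-" "Mozilla/4.0"',
    'server.domain.net - - [04/May/2020:13:56:40 +0200] "GET /license?username=Me_website'
    '&http_host=InexistantSubdomain.existantdomain.net.&language=fr HTTP/1.1" 200 429 "-" "Mozilla/4.0"',
    'server.domain.net - - [04/May/2020:13:57:01 +0200] "GET /license?http_host=www.existantdomain.net'
    ' HTTP/1.1" 200 429 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [04/May/2020:13:57:30 +0200] "GET /index.php HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for (client, host), n in unknown_hosts(SAMPLE).most_common():
        print(f"{n:5d}  {client}  ->  {host}")
```

The per-client counts show which source address produces the requests and which names it claims, which is the information needed before deciding on a server-side rule.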