We have a security scan risk where the request from the browser in Burp is intercepted, modified to have a malicious host, and sent to the server. We have observed that the server redirects to a malicious site.
Below are my queries:
I got the reference to points 2 and 3 from here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/additional-headers-on-disp...
Any help on this would be appreciated.
Environment: AEM as cloud service, 2023.3.11382.20230315T073850Z version
Thanks,
Kiran Vedantam.
Solved! Go to Solution.
Views
Replies
Total Likes
Header always unset host
<If "%{HTTP_HOST} == 'mywebsite'"> </If> <Else> RewriteRule ^.*$ http://mywebsite/404 [L] </Else>
Hi @Kiran_Vedantam
You can do following :
1. Remove the host header from response, I don't see any harm.
2. Whitelist the Publisher/dispatcher IP at CDN
3. Check host header in request header
Thanks for the response @arunpatidar
Can you please help me with the working piece of code for points 1 and 3 that you have mentioned?
Thanks,
Kiran Vedantam.
Header always unset host
<If "%{HTTP_HOST} == 'mywebsite'"> </If> <Else> RewriteRule ^.*$ http://mywebsite/404 [L] </Else>
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies