Host Header poisoning detection #1542

@HackingRepo

Summary

That feature will block host header poisoning attacks.

Basic example

In OWASP Coraza, the WAF will check the valid vhosts and server names that can be used in Host: headers; if the Host header does not match those valid vhosts, return 403 and block the request.

Motivation

Because host header poisoning is dangerous: it can be used to steal password reset tokens, to bypass security controls, and for sophisticated phishing.
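The check requested above, sketched as plain Go `net/http` middleware. This is an added example, not code from the issue or from the Coraza project; the allowlist entries, `HostGuard`, `normalizeHost` and `statusFor` are hypothetical names, and the sample hosts are constructed. It normalizes case, port and trailing dot before the lookup so that legitimate variants pass while look-alike suffixes are rejected with 403.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed allowlist; a deployment would list its own vhosts and server names.
var allowedHosts = map[string]bool{"shop.example.com": true, "www.example.com": true}

// normalizeHost lower-cases the value and strips an optional port and trailing dot.
func normalizeHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.TrimSuffix(h, ".")
}

// HostGuard answers 403 before the application can build links from an unknown Host.
func HostGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowedHosts[normalizeHost(r.Host)] { // exact match only, no suffix matching
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor replays one constructed request through the guard and returns the status.
func statusFor(host string) int {
	r := httptest.NewRequest("POST", "/password-reset", nil)
	r.Host = host
	w := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	HostGuard(ok).ServeHTTP(w, r)
	return w.Code
}

func main() {
	for _, h := range []string{"shop.example.com:443", "WWW.example.com.", "evil.test", "shop.example.com.evil.test"} {
		fmt.Println(h, statusFor(h))
	}
}
```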
