I have given my Plone website for a security audit. I got a security risk of Host header injection. I have configured my Apache according to the material available on the internet, but still the risk doesn't go away. Are there any settings internally in Plone that we can change to mitigate the "host header injection" risk? Are there any modules that can help to mitigate this risk?
In Django, in a settings file we can give allowed hosts; are there any solutions like that with our Plone?
Thank you. This community has supported me a lot, and I am hoping to get more help.
Did you check the HTTP_X_FORWARDED_HOST and Host to deny access in your Apache conf files?
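
One way to apply the Host and X-Forwarded-Host checks raised in the reply above, as an added example that is not part of the original thread and not Plone's own configuration. The host name www.example.org, the backend address 127.0.0.1:8080 and the site id /Plone are assumed values, and mod_rewrite, mod_headers, mod_proxy and mod_proxy_http are assumed to be enabled.

```apache
# Assumed values: www.example.org (canonical site name), 127.0.0.1:8080
# (Zope/Plone backend), /Plone (site id). TLS certificate directives omitted.

# 1) Catch-all virtual host. It must be loaded first so that it is the
#    default for the port: any request whose Host header matches no
#    configured ServerName lands here and is refused.
<VirtualHost *:443>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2) The real site.
<VirtualHost *:443>
    ServerName www.example.org
    UseCanonicalName On

    # Drop any X-Forwarded-Host sent by the client before proxying.
    RequestHeader unset X-Forwarded-Host

    RewriteEngine On

    # Refuse any Host value other than the canonical name (optional port).
    RewriteCond %{HTTP_HOST} !^www\.example\.org(:443)?$ [NC]
    RewriteRule ^ - [F]

    # Weak form (commented out): the client's Host header is copied into
    # the VirtualHostMonster path, so the backend builds its absolute URLs
    # from whatever the client sent.
    # RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/https/%{HTTP_HOST}:443/Plone/VirtualHostRoot/$1 [P,L]

    # Hardened form: the public host name is a literal in the rule, so the
    # URLs the backend generates do not depend on the request's Host header.
    RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/https/www.example.org:443/Plone/VirtualHostRoot/$1 [P,L]
</VirtualHost>
```

To check the result, send a request with a non-matching Host header to the server and confirm it is answered with 403 and that no response header or page link echoes the supplied value.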