This is the Nginx Configuration File:
events {}
http {
upstream backend {
server app:3000;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
}
}
GET / HTTP/1.1
Host: ec2-54-164-141-50.compute-1.amazonaws.com
X-Real-IP: evil.com
Response
Nothing changes because x-real-ip
is not spoofable.
GET / HTTP/1.1
Host: ec2-54-164-141-50.compute-1.amazonaws.com
X-Forwarded-For: evil.com
Response
The host gets appended to an array
Not sure if I correctly configured the X-Forwarded-Host
header because it is set the same as $host
. Anyways, changing the Host
header will result in both being changed.
GET / HTTP/1.1
Host: evil.com