Reputation: 3256
does Apache do any DNS lookups on the Host header
I have received some results from a security scan that say that something is executing DNS A record look-ups on the URL in the Host header.
Having looked at the application code I can't see any such requests so I'm looking further up the stack.
I don't think Apache should be doing this but it's using mod_headers and mod_rewrite and maybe there is a configuration item in there that I have overlooked.
Upvotes: 0
Views: 348
Answers (1)
Reputation: 48087
A long time ago, I came across an Apache httpd that was configured to do a reverse-lookup for IP-addresses before logging. While this was long denied, some requests were served quickly, while others took a long time (depending on the time required for the reverse lookup). And it became obvious once we looked at the logs (DNS names mixed with IP-addresses)
I don't see any reason why Headers and Rewrite would ever need to resolve any of the domains - they're purely working on strings/regexp.
Recommendation to figure out what's going on: Capture the traffic and figure out what domains/addresses are looked up when. With DNS still being largely unencrypted, this might be fairly easy, and point you to the smoking gun.
Upvotes: 1
Related Questions
- What is HTTP "Host" header?
- how does Apache resolve ip-adresses to host names when using "require"?
- Apache configuration: effect of explicit :80 in http header field (host)
- Where is the HOST header taken from when relative requests are made?
- How does Apache determine the FQDN?
- Do all mainstream browsers use host headers when sending HTTP requests?
- Specifying the VirtualHost to serve up when there is no DNS Name sent in the HTTP Headers?
- Virtual host & DNS on apacheserver
- Apache host header proxy
- Virtual hosts in Apache acting according to the HTTP Host?