HTTP Host头攻击漏洞
请参照:https://www.cnblogs.com/zyilong/p/handel_httphost_attack.html
该漏洞仅对HTTP有效,所以另外一个方法是全站启用HTTPS。
扩展阅读:
Apache Module mod_headers:http://httpd.apache.org/docs/2.2/mod/mod_headers.html
HTTP头:https://cloud.tencent.com/developer/section/1190030