• Douwe Maan's avatar
    Protect Gitlab::HTTP against DNS rebinding attack · 4b221ff8
    Douwe Maan authored
    Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
    blocked, and then uses the same IP to perform the actual request, while
    passing the original hostname in the `Host` header and SSL SNI field.
    4b221ff8
security-http-hostname-override-11-11.yml 99 Bytes