AnsweredAssumed Answered

Specifcs of trigger for "http request path host header mismatch"

Question asked by Renee Russell on Feb 15, 2019
Latest reply on Feb 15, 2019 by William Motley

Hello,

 

I wanted to get clarification on what criteria analysis.service gets populated with "http request path host header mismatch"

Specifically does is it: domain mismatch , tld mismatch or entirely different domains altogether.

 

I see this  from Hunting Guide:

http.lua

analysis.service

http request path host header mismatch

The request path specified a host other than the value of the HOST:header

Indicative of domain fronting, though may be legitimate when used by CDNs.

Outcomes