Configuration: Request URL Override

Identifier: request_url_override

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Applications may incorrectly trust client-controlled headers to determine the request URL, allowing an attacker to override the intended destination and bypass URL-based security controls.

How we test: We send requests with various URL override headers such as X-Forwarded-Host, X-Original-URL, or X-Rewrite-URL to test if the application uses these headers to determine the request URL. We analyze responses to detect if URL-based security controls can be bypassed.
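The defect this test looks for, as an added example that is not the scanner's own code: a minimal request resolver that authorizes the wire path but routes on a client-supplied override header, shown next to the fixed version, plus a probe in the spirit of the test described above. All function names and the "/admin" protected path are hypothetical.

```python
from typing import Callable, Dict, Tuple

# Override headers named on this page that an application must not honour
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")
Handler = Callable[[str, Dict[str, str], str], Tuple[int, str]]


def is_authorized(path: str, role: str) -> bool:
    """URL-based access control: only admins may reach /admin."""
    return role == "admin" or not path.startswith("/admin")


def route(path: str) -> str:
    """Dispatch on whatever path the application ends up using."""
    return "admin-panel" if path.startswith("/admin") else "public-page"


def handle_vulnerable(path: str, headers: Dict[str, str], role: str) -> Tuple[int, str]:
    """Authorizes the wire path, then routes on a client-supplied override."""
    if not is_authorized(path, role):
        return 403, "forbidden"
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in OVERRIDE_HEADERS:
        if name in lowered:  # the authorized path and the routed path diverge here
            path = lowered[name]
            break
    return 200, route(path)


def handle_hardened(path: str, headers: Dict[str, str], role: str) -> Tuple[int, str]:
    """Ignores override headers: the same path is authorized and routed."""
    if not is_authorized(path, role):
        return 403, "forbidden"
    return 200, route(path)


def probe_override(handler: Handler, path: str = "/") -> Dict[str, bool]:
    """Mimic the check: compare a baseline response with one request per
    override header and report which headers change the outcome."""
    baseline = handler(path, {}, "guest")
    findings = {}
    for name in ("X-Original-URL", "X-Rewrite-URL", "X-Forwarded-Host"):
        resp = handler(path, {name: "/admin"}, "guest")  # constructed probe value
        findings[name] = resp != baseline
    return findings
```

A header that flips the probe result is evidence that the application derives its request URL from client input; the fix is to drop such headers at the edge and route only on the path that was authorized.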

References:

Configuration

Example

Example configuration:

---
security_tests:
  request_url_override:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.