Possible virtual host found - Vulnerability Database

Possible virtual host found

Description

This web server responds differently when the HTTP Host header is modified to test for common virtual host names. Virtual hosting allows a single web server to host multiple websites or applications, each identified by a different domain name in the Host header. When a server reveals the presence of undocumented or unintended virtual hosts through these probes, it may expose internal applications, development environments, or administrative interfaces that were not meant to be publicly accessible.

Remediation

Review your web server's virtual host configuration to identify all configured virtual hosts and determine which should be publicly accessible. Remove or restrict access to any virtual hosts that are intended for internal use only.

For Apache, review the virtual host configuration files (typically in /etc/apache2/sites-enabled/ or httpd.conf) and ensure internal virtual hosts are bound to internal IP addresses or protected by IP-based access controls:

<VirtualHost 10.0.0.1:80>
  ServerName internal.example.com
  <Directory /var/www/internal>
    Require ip 10.0.0.0/8
  </Directory>
</VirtualHost>

For Nginx, review the server block configurations (typically in /etc/nginx/sites-enabled/) and restrict access using the allow and deny directives:

server {
  listen 80;
  server_name internal.example.com;

  location / {
    allow 10.0.0.0/8;
    deny all;
  }
}

Additionally, configure a default virtual host that returns a generic response for unrecognized Host headers to prevent information leakage through server responses. Regularly audit your virtual host configurations to ensure they align with your security policies.
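As an added audit helper for the Nginx review described above (example code, not Invicti's or nginx's own), the script below takes an nginx configuration as a string, reports which server_names remain reachable from any client (no allow/deny restriction and not bound to a private address), and checks whether a catch-all default_server exists for unrecognized Host headers. The sample configuration embedded in it is constructed for illustration.

```python
import ipaddress
import re
# Constructed sample: a catch-all, a vhost restricted with allow/deny, one bound
# only to an internal address, and one left open to every client.
SAMPLE_CONFIG = """
server { listen 80 default_server; server_name _; return 444; }
server { listen 80; server_name internal.example.com;
         location / { allow 10.0.0.0/8; deny all; } }
server { listen 10.0.0.1:80; server_name intranet.example.com; }
server { listen 80; server_name dev.example.com staging.example.com; }
"""

def _server_blocks(text):
    """Bodies of top-level server { ... } blocks, found by counting braces."""
    blocks, depth, start = [], 0, None
    for m in re.finditer(r"\bserver\s*\{|[{}]", text):
        if start is None:
            if m.group().startswith("server"):
                start, depth = m.end(), 1
        else:
            depth += -1 if m.group() == "}" else 1
            if depth == 0:
                blocks.append(text[start:m.start()])
                start = None
    return blocks

def _internal_only(listens):
    """True if every listen directive binds a private/loopback IP (not a bare port)."""
    try:
        hosts = [l.split()[0].rsplit(":", 1) for l in listens]
        return bool(hosts) and all(
            len(h) == 2 and ipaddress.ip_address(h[0].strip("[]")).is_private for h in hosts)
    except ValueError:  # unix: sockets or hostnames: not an IP restriction
        return False

def audit_nginx(config):
    """Return (has_catch_all, {server_name: restricted}) for an nginx config."""
    has_catch_all, findings = False, {}
    for body in _server_blocks(config):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        if any("default_server" in l for l in listens):
            has_catch_all = True  # unrecognized Host headers land here
            continue
        restricted = bool(re.search(r"\bdeny\s+all;", body)) or _internal_only(listens)
        for name in " ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).split():
            findings[name] = restricted
    return has_catch_all, findings

def unrestricted_hosts(config):
    """server_names a reviewer should look at: reachable from any client."""
    return sorted(n for n, ok in audit_nginx(config)[1].items() if not ok)
```

Run it against the concatenated contents of your sites-enabled directory; a missing catch-all or any name in the unrestricted list is a configuration to review, not necessarily a fault, since public sites are expected there.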
