locked
Request.ServerVariables["HTTP_HOST"] is NULL RRS feed

  • Question

  • User2114475019 posted

    On my Production web application we sometimes encounter exception error Request.ServerVariables["HTTP_HOST"] is NULL. I cannot duplicate this error and don't know under what circumstance this error will occur, therefore I cannot fix this error.

    Could someone show me how to generate this error, I really appreciate it.  

    Tuesday, December 10, 2019 11:22 PM

All replies

  • User475983607 posted

    The HTTP host header is probably empty due to a code generated HTTP message.  You should always validate the HTTP_HOST before using the value on your site, otherwise your site is vulnerable to phishing attacks.

    Tuesday, December 10, 2019 11:33 PM
  • User288213138 posted

    Hi net123321,

    net123321

    Request.ServerVariables["HTTP_HOST"]

    It return the name of the Web server. Generally available, unless you have some special settings.

    Do you have any special settings in your iis? Such as in the Url Rewrite.

    Best regards,

    Sam

    Wednesday, December 11, 2019 6:20 AM
  • User2114475019 posted

    Hi Sam,

    I don't have any special settings in IIS, and I don't have any Url Rewrite.

    Thanks

    Wednesday, December 11, 2019 8:21 PM
  • User2114475019 posted

    Could you elaborate on code generated HTTP message. Under what circumstance code generated HTTP message causes HTTP_HOST to be empty?

    Thanks

    Wednesday, December 11, 2019 8:26 PM
  • User475983607 posted

    Could you elaborate on code generated HTTP message. Under what circumstance code generated HTTP message causes HTTP_HOST to be empty?

    HTTP is a text based message sent between clients and web servers over TCP.  The client can send whatever HTTP message it likes.

    https://tools.ietf.org/html/rfc2616#section-14.23

    A client MUST include a Host header field in all HTTP/1.1 request
       messages . If the requested URI does not include an Internet host
       name for the service being requested, then the Host header field MUST
       be given with an empty value. An HTTP/1.1 proxy MUST ensure that any
       request message it forwards does contain an appropriate Host header
       field that identifies the service being requested by the proxy. All
       Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request)
       status code to any HTTP/1.1 request message which lacks a Host header
       field.
    Wednesday, December 11, 2019 9:19 PM