Who Me Too'd this topic

Who Me Too'd this topic

L2 Linker

How to detect domain fronting

Hi,

 

did anyone manage to write a custom signature to detect domain fronting?

PA extracts the Host header, so in theory it should be possible to detect if the Host header is different from the URL?

 

Alternatively, if one could log the Host header one could develop external detection logic in a SIEM.

 

Regards,

    Andreas

Who Me Too'd this topic