Global Protect - Redirection via Arbitrary Host Header Manipulation

L0 Member

Having run a PCI DSS compliance scan, it has come back that our Global Protect VPN setup is flagged as a failing vulnerability for Redirection via Arbitrary Host Header Manipulation.

 

We have it set up to redirect to Azure to authenticate account details.

 

The solution they have given us to fix the issue is:

Implementing proper validation and sanitization of input headers is essential to mitigate the risks of Host header injection.
Whitelist domains, only allow permitted domains to be included in Host header.

 

How do we go about implementing this?
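
What the scanner's recommendation amounts to in a generic web handler, as an added example that is not part of the original post and is not GlobalProtect configuration: the Host header is checked against an allowlist, and the redirect to the identity provider is built from configured values only. The hostnames, the IdP URL, the callback path and the function names are assumptions for illustration.

```python
from urllib.parse import urlencode

# Constructed values: the portal's public name and a hypothetical IdP endpoint.
ALLOWED_HOSTS = {"vpn.example.com"}
CANONICAL_HOST = "vpn.example.com"
IDP_LOGIN_URL = "https://idp.example.com/login"


def normalize_host(raw):
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    # Reject whitespace, path, userinfo and list separators outright.
    if not raw or any(c in raw for c in " \t\r\n/@\\,"):
        return None
    host = raw.lower()
    if host.startswith("["):  # IPv6 literals are not in the allowlist
        return None
    name, sep, port = host.partition(":")
    if sep and not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        return None
    # "vpn.example.com." is the same name; an empty name is malformed.
    return name.rstrip(".") or None


def handle_login(headers):
    """Return (status, location) for an unauthenticated request to the portal.

    `headers` is a dict keyed by canonical header names (a simplification).
    """
    if "Host" not in headers:
        return 400, None
    # X-Forwarded-Host is client-controlled too: validate it whenever present.
    for key in ("Host", "X-Forwarded-Host"):
        if key in headers and normalize_host(headers[key]) not in ALLOWED_HOSTS:
            return 400, None
    # The return URL comes from configuration, never from the request.
    return_to = f"https://{CANONICAL_HOST}/auth/callback"
    return 302, f"{IDP_LOGIN_URL}?{urlencode({'return_to': return_to})}"
```
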
