NAME
PAGI::Middleware::TrustedHosts - Host header validation middleware
SYNOPSIS
    use PAGI::Middleware::Builder;
    my $app = builder {
        enable 'TrustedHosts',
            hosts => ['example.com', 'www.example.com', '*.example.com'];
        $my_app;
    };
DESCRIPTION
PAGI::Middleware::TrustedHosts validates the Host header against a list of allowed hosts. This helps prevent host header injection attacks.
CONFIGURATION
hosts (required)
Array of allowed host patterns. Patterns can include:
- Exact hostnames: 'example.com'
- Wildcard subdomains: '*.example.com'
- Port specifications: 'example.com:8080'
allow_empty (default: 0)
If true, allow requests without a Host header.
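One way to match the three pattern kinds above with anchored, case-insensitive comparisons, as an added example that is not PAGI's own code. The function names compile_host_pattern and is_trusted_host are hypothetical, and the wildcard and port semantics noted in the comments are assumptions, not documented behaviour of this module.

```perl
use strict;
use warnings;

# Hypothetical helper, not PAGI's implementation. Assumed semantics:
# '*.' stands for one or more subdomain labels (never the bare domain),
# a pattern with a port pins that port, one without accepts any port.
sub compile_host_pattern {
    my ($pattern) = @_;
    my ($host, $port) = lc($pattern) =~ /\A(.+?)(?::(\d+))?\z/;
    my $wild  = $host =~ s/\A\*\.//;
    my $label = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;
    my $name  = $wild ? qr/(?:$label\.)+\Q$host\E/ : qr/\Q$host\E/;
    my $tail  = defined $port ? qr/:\Q$port\E/ : qr/(?::\d{1,5})?/;
    # \A and \z anchor both ends; '$' would also accept a trailing newline.
    return qr/\A$name$tail\z/;
}

# Hypothetical check: true only if the header fully matches one pattern.
sub is_trusted_host {
    my ($header, $allow_empty, @compiled) = @_;
    return $allow_empty ? 1 : 0 if !defined $header || $header eq '';
    my $h    = lc $header;    # hostnames are case-insensitive
    my $hits = grep { $h =~ $_ } @compiled;
    return $hits ? 1 : 0;
}

my @allowed = map { compile_host_pattern($_) } ('*.example.com', 'example.com:8080');

# Constructed Host header values with the expected decision for each.
my @cases = (
    [ 'www.example.com',           1 ],
    [ 'API.Example.COM:443',       1 ],
    [ 'example.com:8080',          1 ],
    [ 'example.com',               0 ],    # bare domain is pinned to :8080
    [ 'evilexample.com',           0 ],    # no label boundary before the suffix
    [ 'www.example.com.evil.test', 0 ],    # allowed name is only a prefix
    [ "www.example.com\n",         0 ],    # trailing newline
    [ '',                          0 ],    # empty, allow_empty off
);
for my $case (@cases) {
    my ($header, $want) = @$case;
    my $got = is_trusted_host($header, 0, @allowed);
    (my $shown = $header) =~ s/\n/\\n/;
    printf "%-28s %s\n", "'$shown'", $got ? 'accept' : 'reject';
    die "unexpected decision for '$shown'\n" if $got != $want;
}
```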
HOST HEADER ATTACKS
Host header injection attacks can lead to:
- Cache poisoning
- Password reset poisoning
- Server-Side Request Forgery (SSRF)
- SQL injection in some cases
This middleware prevents these attacks by validating the Host header against a whitelist of allowed hosts.
SEE ALSO
PAGI::Middleware - Base class for middleware