This article answers a question regarding the use of arbitrary hostnames and the web application firewall
Problem or Goal
What if an attacker started using arbitrary hostnames when connecting (just putting random hostnames on the Host: HTTP header). Will this allow the attacker to bypass the Stingray Application Firewall ?
Cause
Solution
For hosts that are unknown or not yet configured, there is an option to not allow traffic for the unknown hosts under Administration > Global Configuration > allow traffic for unknown hosts (not recommended).
Each hostname should have an application assigned to it for protection/detection, which can be viewed under Application Control > Hosts
