What is a DNS Rebinding Attack?
A DNS rebinding attack tricks a victim's browser into treating a malicious domain as if it belonged to your trusted network address (e.g. localhost, 127.0.0.1). The attacker's domain first resolves to the attacker's own server so the page loads; once the DNS entry is changed to point to your internal server, the script that is already running can interact with private network services.
Why Symfony Apps Are at Risk
Symfony-based web applications often expose endpoints not specifically hardened for internal access. A successful DNS rebinding exploit can allow cross-domain requests into these internal routes, bypassing authentication or accessing private APIs.
🧠 How DNS Rebinding Works
- The attacker registers attacker.com.
- The victim visits attacker.com/browser.js.
- The DNS name initially resolves to a public server controlled by the attacker, so the page and its script load normally.
- After the script has loaded, the attacker updates the DNS record so that attacker.com resolves to 127.0.0.1.
- The script, still running under the attacker.com origin, now interacts with your local Symfony app.
💻 Symfony Defense: Secure Request Headers
Use Symfony's HTTP foundation to inspect and reject suspicious requests:
```php
<?php
// src/EventListener/DnsRebindingListener.php
namespace App\EventListener;

use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class DnsRebindingListener
{
    public function onKernelRequest(RequestEvent $event): void
    {
        // Sub-requests (forwards, fragments) share the already-validated host
        // of the main request, so only the main request is checked.
        if (!$event->isMainRequest()) {
            return;
        }

        $req = $event->getRequest();
        // getHost() strips the port and lower-cases the name; the raw 'host'
        // header would make "example.com:8443" fail the allowlist below.
        $host = $req->getHost();

        // Only allow your domain(s)
        $allowedHosts = ['example.com', 'api.example.com'];
        if (!in_array($host, $allowedHosts, true)) {
            throw new AccessDeniedHttpException("Invalid host: $host");
        }
    }
}
```
Register the listener:
```yaml
# config/services.yaml
services:
    App\EventListener\DnsRebindingListener:
        tags:
            - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
```
🔐 Reinforce with Security Headers
Configure trusted hosts, session cookie flags and CSRF protection in Symfony. Note that `trusted_hosts` is a top-level `framework` option, not a `router` option, and that each pattern is a regular expression matched against the request host:
```yaml
# config/packages/framework.yaml
framework:
    # Add a pattern for every hostname you serve (e.g. '^api\.example\.com$'),
    # otherwise requests for that name are rejected with a 400 response.
    trusted_hosts: ['^example\.com$']
    router:
        strict_requirements: null
    session:
        cookie_secure: auto
        cookie_samesite: lax
    csrf_protection: true
```
Consider adding these response headers via middleware or server config:
```apacheconf
# .htaccess or server block
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Frame-Options DENY
```
✅ Testing with Pentest Testing Corp’s Free Tool
You can test for DNS rebinding vulnerabilities using our free Website Vulnerability Scanner:
- Visit: https://free.pentesttesting.com/
- Enter your Symfony application URL
- Review the interactive results
[Screenshot: the Website Vulnerability Scanner tool homepage, where the free security assessment tools are accessed.]
[Screenshot: an example vulnerability assessment report generated with the free tool.]
🛠️ Advanced Configuration Example
```php
<?php
// src/Middleware/HostnameValidatorMiddleware.php
namespace App\Middleware;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class HostnameValidatorMiddleware
{
    /** @var string[] exact hostnames (without port) that this app serves */
    private array $allowedHosts;

    public function __construct(array $allowedHosts)
    {
        $this->allowedHosts = $allowedHosts;
    }

    // Reject the request before it reaches the next handler in the pipeline
    // unless its host (port stripped, lower-cased) is on the allowlist.
    public function __invoke(Request $request, callable $next): Response
    {
        if (!in_array($request->getHost(), $this->allowedHosts, true)) {
            throw new AccessDeniedHttpException("Invalid Host: {$request->getHost()}");
        }
        return $next($request);
    }
}
```
Register with Service Container and add to the security/firewall pipeline.
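Both the event listener and the middleware above compare the request host against an allowlist, which works because a rebinding victim's browser still sends `Host: attacker.com` (the name in the URL) rather than your hostname. The allowlist is only as good as the parsing of that header, though. The following stand-alone PHP 8 class is an added example, not code from the original post or from Symfony; it validates a raw Host header value against regex patterns in the same `^example\.com$` style as `framework.trusted_hosts` (matched with Symfony's `{...}i` delimiters), while handling the cases an exact `in_array()` on the raw header gets wrong: an optional port, upper-case or trailing-dot names, bracketed IPv6 literals and malformed values. The class name, the patterns and every Host value in `demo()` are constructed for this example.

```php
<?php
// Added example: Host-header allowlist validation in plain PHP (no Symfony
// dependency). Patterns follow the framework.trusted_hosts regex style.
declare(strict_types=1);

final class HostGuard
{
    /** @var string[] regex patterns, e.g. '^example\.com$' */
    private array $patterns;

    public function __construct(array $patterns)
    {
        $this->patterns = $patterns;
    }

    /**
     * Reduce a raw Host header to a bare, lower-case host name.
     * Returns null when the value is not a syntactically valid host[:port].
     */
    public static function normalize(string $hostHeader): ?string
    {
        $value = strtolower(trim($hostHeader));

        // Bracketed IPv6 literal such as "[::1]:8000": keep the bracketed part.
        if (str_starts_with($value, '[')) {
            $end = strpos($value, ']');
            return $end === false ? null : substr($value, 0, $end + 1);
        }

        // "host:port" -> "host"; a non-numeric port makes the header invalid.
        $colon = strpos($value, ':');
        if ($colon !== false) {
            $port = substr($value, $colon + 1);
            if ($port !== '' && !preg_match('/^\d+$/', $port)) {
                return null;
            }
            $value = substr($value, 0, $colon);
        }

        // "example.com." is the same DNS name as "example.com".
        $value = rtrim($value, '.');

        // Only characters that can occur in a DNS name or IPv4 literal.
        if ($value === '' || !preg_match('/^[a-z0-9.-]+$/', $value)) {
            return null;
        }
        return $value;
    }

    // True when the normalized host matches at least one allowlist pattern.
    public function isTrusted(string $hostHeader): bool
    {
        $host = self::normalize($hostHeader);
        if ($host === null) {
            return false;
        }
        foreach ($this->patterns as $pattern) {
            // Same delimiter style Symfony uses for trusted_hosts patterns.
            if (preg_match('{' . $pattern . '}i', $host) === 1) {
                return true;
            }
        }
        return false;
    }
}

// Constructed Host values paired with the verdict a correct guard must give.
// Returns, per header, whether the guard agreed with the expected verdict.
function demo(): array
{
    $guard = new HostGuard(['^example\.com$', '^api\.example\.com$']);
    $samples = [
        'example.com'          => true,  // ordinary request
        'API.example.com:8443' => true,  // case and port must not matter
        'example.com.'         => true,  // fully-qualified name with trailing dot
        'attacker.com'         => false, // what a rebinding victim's browser sends
        '127.0.0.1:8000'       => false, // IP-literal host is not one of our names
        '[::1]'                => false, // IPv6 loopback literal
        'example.com.evil.net' => false, // anchored patterns stop suffix tricks
        'example.com:80x'      => false, // malformed port is rejected outright
    ];
    $results = [];
    foreach ($samples as $header => $expected) {
        $results[$header] = $guard->isTrusted($header) === $expected;
    }
    return $results;
}

foreach (demo() as $header => $agreed) {
    printf("%-24s %s\n", $header, $agreed ? 'as expected' : 'MISMATCH');
}
```

Run it with `php hostguard.php`; every line should print `as expected`. In a Symfony app you would not ship this class, since `framework.trusted_hosts` already performs the same anchored regex match inside `Request::getHost()`; the value of the stand-alone version is that it shows which header shapes your allowlist patterns must cope with, so you can write the patterns (and any extra listener) accordingly.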
🌟 Additional Pentest Testing Corp Resources
- Learn more on our blog: Pentest Testing Corp
- Secure Web Apps Penetration Testing Services: Web App Testing
- Offer cybersecurity to your clients: Partner With Us
📰 Stay Updated
Subscribe for new guides on Symfony security:
🔗 Subscribe on LinkedIn
🔚 Conclusion
DNS rebinding is stealthy but preventable. Rely on host validation, strict headers, and active testing such as Pentest Testing Corp's free Website Security test. Stay ahead of threats by combining technical safeguards with proactive vulnerability assessment.