[{"data":1,"prerenderedAt":183},["ShallowReactive",2],{"toc-\u002Ftasks\u002Frust-server-dns-rebinding":3,"page-\u002Ftasks\u002Frust-server-dns-rebinding":114},{"id":4,"title":5,"body":6,"description":106,"extension":107,"meta":108,"navigation":109,"path":110,"seo":111,"stem":112,"__hash__":113},"content\u002Ftasks\u002Frust-server-dns-rebinding.md","DNS rebinding (Rust HTTP transport)",{"type":7,"value":8,"toc":100},"minimark",[9,13,17,85,90,93,97],[10,11,5],"h1",{"id":12},"dns-rebinding-rust-http-transport",[14,15,16],"p",{},"A Rust HTTP transport accepts requests in a setting where local clients are expected, but browser-origin traffic can still reach the service through DNS rebinding. The task is to enforce the host boundary before request dispatch while preserving legitimate local and configured client flows.",[18,19,20,33],"table",{},[21,22,23],"thead",{},[24,25,26,30],"tr",{},[27,28,29],"th",{},"Dimension",[27,31,32],{},"Preview",[34,35,36,45,53,61,69,77],"tbody",{},[24,37,38,42],{},[39,40,41],"td",{},"Ecosystem",[39,43,44],{},"Rust",[24,46,47,50],{},[39,48,49],{},"CWE class",[39,51,52],{},"CWE-346 (Origin Validation Error)",[24,54,55,58],{},[39,56,57],{},"Security theme",[39,59,60],{},"Host-origin validation",[24,62,63,66],{},[39,64,65],{},"Work type",[39,67,68],{},"HTTP transport hardening",[24,70,71,74],{},[39,72,73],{},"Disclosure",[39,75,76],{},"Class-level security brief",[24,78,79,82],{},[39,80,81],{},"Grading focus",[39,83,84],{},"Host-boundary behavior and local-client compatibility",[86,87,89],"h2",{"id":88},"environment","Environment",[14,91,92],{},"The agent has to inspect the request path, identify where host trust is established, and add the guard where policy can actually be enforced. Broad denial is not enough; ordinary local use must continue to work.",[86,94,96],{"id":95},"evaluation-focus","Evaluation focus",[14,98,99],{},"The environment separates real host-boundary enforcement from superficial fixes such as overbroad localhost rejection, address-family assumptions, or checks performed too late in the request path. Strong solutions preserve the intended client flows while enforcing the boundary before dispatch.",{"title":101,"searchDepth":102,"depth":102,"links":103},"",2,[104,105],{"id":88,"depth":102,"text":89},{"id":95,"depth":102,"text":96},"Validate host-origin boundaries in an HTTP transport without breaking normal local clients.","md",{},true,"\u002Ftasks\u002Frust-server-dns-rebinding",{"title":5,"description":106},"tasks\u002Frust-server-dns-rebinding","aoC7qQquxzEXMcQy1qD_ZRZFWArIacOnaSwC3itr_g0",{"id":4,"title":5,"body":115,"description":106,"extension":107,"meta":181,"navigation":109,"path":110,"seo":182,"stem":112,"__hash__":113},{"type":7,"value":116,"toc":177},[117,119,121,169,171,173,175],[10,118,5],{"id":12},[14,120,16],{},[18,122,123,131],{},[21,124,125],{},[24,126,127,129],{},[27,128,29],{},[27,130,32],{},[34,132,133,139,145,151,157,163],{},[24,134,135,137],{},[39,136,41],{},[39,138,44],{},[24,140,141,143],{},[39,142,49],{},[39,144,52],{},[24,146,147,149],{},[39,148,57],{},[39,150,60],{},[24,152,153,155],{},[39,154,65],{},[39,156,68],{},[24,158,159,161],{},[39,160,73],{},[39,162,76],{},[24,164,165,167],{},[39,166,81],{},[39,168,84],{},[86,170,89],{"id":88},[14,172,92],{},[86,174,96],{"id":95},[14,176,99],{},{"title":101,"searchDepth":102,"depth":102,"links":178},[179,180],{"id":88,"depth":102,"text":89},{"id":95,"depth":102,"text":96},{},{"title":5,"description":106},1779193092949]