Share via

ForwardedHeadersOptions.AllowedHosts Property


The allowed values from x-forwarded-host. If the list is empty then all hosts are allowed. Failing to restrict this these values may allow an attacker to spoof links generated by your service.

 property System::Collections::Generic::IList<System::String ^> ^ AllowedHosts { System::Collections::Generic::IList<System::String ^> ^ get(); void set(System::Collections::Generic::IList<System::String ^> ^ value); };
public System.Collections.Generic.IList<string> AllowedHosts { get; set; }
member this.AllowedHosts : System.Collections.Generic.IList<string> with get, set
Public Property AllowedHosts As IList(Of String)

Property Value


  • Port numbers must be excluded.
  • A top level wildcard "*" allows all non-empty hosts.
  • Subdomain wildcards are permitted. E.g. "*" matches subdomains like, but not the parent domain
  • Unicode host names are allowed but will be converted to punycode for matching.
  • IPv6 addresses must include their bounding brackets and be in their normalized form.

Applies to