It's a cheat sheet about behaviour of various reverse proxies and related attacks.
It is a result of analysis of various reverse proxies, cache proxies, load balancers, etc. The article (https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/) describes the goals of the research and how you can use the cheat sheet.
Analyzed stuff:
Additional:
- Browsers
Related articles/white papers/presentations:
- Reverse proxies & Inconsistency
- Attacking Secondary Contexts in Web Applications
- Hacking Starbucks and Accessing Nearly 100 Million Customer Records
- HTTP.ninja
- Server Technologies - Reverse Proxy Bypass
- Cracking the lens: targeting HTTP's hidden attack-surface
- Abusing HTTP hop-by-hop request headers
- Smuggling HTTP headers through reverse proxies
- At Home Among Strangers
- h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
- What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs
- HTTP Desync Attacks: Request Smuggling Reborn
- Cache poisoning and other dirty tricks
- Practical Web Cache Poisoning
- Web Cache Entanglement: Novel Pathways to Poisoning
- CPDoS: Cache Poisoned Denial of Service
- The Case of the Missing Cache Keys
- Responsible denial of service with web cache poisoning
- Cache Poisoning Denial-of-Service Attack Techniques
- Cache-Key Normalization DoS
- Web Cache Deception Attack
- Cached and Confused: Web Cache Deception in the Wild