Forum OpenACS Development: Re: Untrusted host header
On OpenACS sites, in most cases, there is only one server configured. When the host header field contains a value, which is unknown, it falls back to the default server - which is for OpenACS the right thing. The accepted values are defined per driver in the */servers" section, where a domain name or IP address is mapped to the logical server (see e.g. ). In case, an OpenACS instance should be called under different names, these should be added to this section in the configuration file. Note that versions of NaviServer (4.99.16 or newer, see ) require less entries there.
When running behind a proxy, it is probably better to add the expected entry to the */servers section, since the host header sent to nginx could as well contain already a port, so the concatenation might be as well a problem.
All the best