victim (often a guessable private IP address such as 127.0.0.1 or 192.168.1.1). Applications that use TLS are not vulnerable to this attack (because the browser will display certificate mismatch warnings that target site). 6.1. User’s guide 35Tornado Documentation, Release 6.5.1 Applications that cannot use TLS and rely on network-level access controls (for example, assuming that a server on 127.0.0.1 can only 6.2. Web framework 53Tornado Documentation, Release 6.5.1 Warning: Applications that do not use TLS may be vulnerable to DNS rebinding attacks. This attack is especially relevant to applications that

that use TLS are not vulnerable to this attack (because the browser will display certificate mismatch warnings that block automated access to the target site). Applications that cannot use TLS and rely parameter value is matched against host regular expressions. Warning Applications that do not use TLS may be vulnerable to DNS rebinding attacks. This attack is especially relevant to applications that read_from_fd() BaseIOStream.get_fd_error() Implementations IOStream IOStream.connect() IOStream.start_tls() SSLIOStream SSLIOStream.wait_for_handshake() PipeIOStream Exceptions StreamBufferFullError StreamClosedError