no real way to protect against dns rebinding in a standard web app codebase unfortunately, it's a system-level issue. would have to handle dns resolution in the app itself which is impractical