diff --git a/development/playbooks/smoker/smoker.yaml b/development/playbooks/smoker/smoker.yaml
index 59c32f6b0..0fa989fd7 100644
--- a/development/playbooks/smoker/smoker.yaml
+++ b/development/playbooks/smoker/smoker.yaml
@@ -6,10 +6,14 @@
 - ../../../src/vars/foreman.yml
 - "{{ obsah_state_path }}/parameters.yaml" # this is a hack to load persisted params without enabling persisting
 vars:
- smoker_base_url: "https://{{ hostvars['quadlet'].ansible_default_ipv4.address }}"
+ smoker_version: headers
+ smoker_base_url: "https://{{ hostvars['quadlet'].ansible_fqdn }}"
 smoker_variables:
 username: "{{ foreman_initial_admin_username }}"
 password: "{{ foreman_initial_admin_password }}"
+ headers:
+ Host: "{{ hostvars['quadlet'].ansible_fqdn }}"
+ host_resolver_rules: "MAP {{ hostvars['quadlet'].ansible_fqdn }} {{ hostvars['quadlet'].ansible_default_ipv4.address }}"
 # We want to rely on the OS to already provide the needed packages
 smoker_browser_packages: []
 pytest_project_packages: []
diff --git a/src/roles/foreman/templates/settings.yaml.j2 b/src/roles/foreman/templates/settings.yaml.j2
index 0cde4836c..8b599cf4a 100644
--- a/src/roles/foreman/templates/settings.yaml.j2
+++ b/src/roles/foreman/templates/settings.yaml.j2
@@ -3,6 +3,9 @@
 :fqdn: {{ foreman_name }}
 :foreman_url: {{ foreman_url }}
+:hosts:
+ - {{ foreman_name }}
+
 :ssl_certificate: /etc/foreman/client_cert.pem
 :ssl_ca_file: /etc/foreman/katello-default-ca.crt
 :ssl_priv_key: /etc/foreman/client_key.pem
diff --git a/tests/foreman_test.py b/tests/foreman_test.py
index 6e5fdf438..361dbe42c 100644
--- a/tests/foreman_test.py
+++ b/tests/foreman_test.py
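Review bot: In development/playbooks/smoker/smoker.yaml, `smoker_version: headers` reads like a branch name rather than a release tag or commit, so the smoker code this playbook pulls in can change without any change here (assuming the role treats the value as a git ref; the role is not shown). If this is a temporary pin, say so on the line itself, e.g. `smoker_version: headers  # TODO: temporary feature branch; pin to a release or commit once header support is released`. The explicit `Host:` entry under `headers:` also looks redundant now that `smoker_base_url` already uses `ansible_fqdn` and `host_resolver_rules` maps that name to the address; a one-line comment on why both are needed would help the next reader.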
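Review bot: In src/roles/foreman/templates/settings.yaml.j2, the new `:hosts:` list contains only `foreman_name`, while `:foreman_url:` on the line above comes from a separate variable; if the host part of `foreman_url` ever differs from `foreman_name`, requests to the advertised URL would presumably be rejected by the same check that the new test expects to answer 403. Either derive the entry from the same source as the URL or record the coupling in the template, e.g. `# Host header allow-list; must contain the host part of foreman_url`. It is also worth confirming that nothing local (health checks, proxies, other services on the host) still addresses Foreman as localhost or by IP, since this commit moves the ping fixture off `FOREMAN_HOST`, apparently for that reason.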
@@ -13,8 +13,8 @@
 ]
 @pytest.fixture(scope="module")
-def foreman_status_curl(server):
- return server.run(f"curl --header 'X-FORWARDED-PROTO: https' --silent --write-out '%{{stderr}}%{{http_code}}' http://{FOREMAN_HOST}:{FOREMAN_PORT}/api/v2/ping")
+def foreman_status_curl(server, server_fqdn):
+ return server.run(f"curl --header 'X-FORWARDED-PROTO: https' --silent --write-out '%{{stderr}}%{{http_code}}' http://{server_fqdn}:{FOREMAN_PORT}/api/v2/ping")
 @pytest.fixture(scope="module")
 def foreman_status(foreman_status_curl):
@@ -92,3 +92,9 @@ def test_foreman_domain_in_mail_settings(foremanapi, server_fqdn, setting):
 settings = foremanapi.list('settings', search=f'name={setting}')
 domain = str.join('.', server_fqdn.split('.')[1:])
 assert domain in settings[0]['value']
+
+
+def test_foreman_host_injection(server):
+ cmd = server.run(f"curl --header 'X-FORWARDED-PROTO: https' --silent --write-out '%{{stderr}}%{{http_code}}' --resolve evil.hackers.test:{FOREMAN_PORT}:127.0.0.1 http://evil.hackers.test:{FOREMAN_PORT}/api/v2/ping")
+ assert cmd.succeeded
+ assert cmd.stderr == '403'
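Review bot: In the first hunk of tests/foreman_test.py, `foreman_status_curl` now depends on `server_fqdn` resolving, from inside the server, to the address where `FOREMAN_PORT` listens, whereas `test_foreman_host_injection` in the next hunk avoids that by pinning the name with `--resolve`. Doing the same here keeps both requests on the same path and removes the DNS dependency: add `--resolve {server_fqdn}:{FOREMAN_PORT}:127.0.0.1` to the curl command (assuming 127.0.0.1 is what `FOREMAN_HOST` pointed at, which is not visible in this hunk). If `FOREMAN_HOST` has no other users after this change, it can be dropped from the module.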
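Review bot: `test_foreman_host_injection` (second hunk of tests/foreman_test.py) only covers a foreign name in the request URL; it leaves the forwarded-host path untested, which matters because every request in this file sets `X-FORWARDED-PROTO`, suggesting Foreman sits behind a proxy. A second case that requests the legitimate `server_fqdn` but adds `--header 'X-Forwarded-Host: evil.hackers.test'` and asserts the response is not a 200 would show whether the allow-list also applies to that header; the exact expected status should be confirmed against the running service. The test also has no docstring; `"""A request whose Host is not in the settings hosts allow-list must be rejected with 403."""` would record the intent.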