IBM Support

PH02406: Need simpler way to reject unknown hostnames

Fixes are available

9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Add simpler way to reject unknown hostnames

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  Users of IBM HTTP Server 9.0                *
****************************************************************
* PROBLEM DESCRIPTION: Need simpler way to reject unknown      *
*                      hostnames                               *
****************************************************************
* RECOMMENDATION:  Apply this fix                              *
****************************************************************
By default, the server will respond to requests for any
hostname, including requests addressed to unexpected or
unconfigured hostnames.
While this is convenient, it is sometimes desirable to limit
what hostnames a backend application handles since it will
often generate self-referential responses.

    



Problem conclusion


    

  • A StrictHostCheck directive was added. If set to ON, the
server will return an HTTP 400 error if the requested hostname
hasn't been explicitly listed by either ServerName or
ServerAlias in the virtual host that best matches the details
of the incoming connection.

The directive also allows matching of the requested hostname
to hostnames specified within the opening VirtualHost tag,
which is a relatively obscure configuration mechanism that
acts like additional ServerAlias entries.

This fix is targeted for IBM HTTP Server fix packs:
- 9.0.0.11

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH02406
    • 

  • Reported component name
    IBM HTTP SERVER
    • 

  • Reported component ID
    5724J0801
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-09-06
    • 

  • Closed date
    2019-03-25
    • 

  • Last modified date
    2019-03-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM HTTP SERVER
    • 

  • Fixed component ID
    5724J0801
    • 



Applicable component levels


    

  • R900  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 September 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback