Turning off the host header injection check
By default, IBM Cloud Pak® for Data rejects requests that contain invalid external routes to prevent host header injection attacks. However, if you use a load balancer and reverse proxy servers to manage host headers before requests are forwarded to Cloud Pak for Data, you must turn off the host header injection check to enable Cloud Pak for Data to accept incoming requests.
- Who needs to complete this task?
- To complete this task, you must be either:
- A cluster administrator
- An administrator of the project where Cloud Pak for Data is installed
- When do you need to complete this task?
- Complete this task only if your cluster uses a load balancer and reverse proxy servers to manage host headers.
Before you begin
Best practice: You can run the commands in
this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.
Ensure that you source the environment variables before you run the commands in this task.
Procedure
Results
Tip: If you need to turn the host
header injection check on, you can re-run the preceding commands with
"HOST_INJECTION_CHECK_ENABLED":"true"
.