Configuring host header validation for the IBM MQ Console and REST API
You can configure the mqweb server to restrict access to the IBM® MQ Console and REST API such that only requests that are sent with a host header that matches a specified allowlist are processed. An error is returned if a host header value that is not on the allowlist is used.
About this task
The mqweb server uses virtual hosts to define the allowlist of acceptable host headers. For more information about virtual hosts, see the WebSphere® Liberty documentation: https://www.ibm.com/docs/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/cwlp_virtual_hosts.html
To complete this task, you must be a user with sufficient privileges to edit the
mqwebuser.xml file:
- On z/OS®, you must have write access to the mqwebuser.xml file.
- On all other operating systems, you must be a privileged user.