Protecting from host header injection
Prevent this security vulnerability by implementing properties for whitelisting servers in the Decision Center and Rule Execution Server archives.
About this task
When creating URIs for links in web applications, developers typically use the HTTP Host header from the request that the client sends. An attacker can exploit this practice by sending a fake header that contains a domain name, which can then be used, for example, to corrupt the web cache or password reset emails.
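The following added example (not IBM's code, and not the product's property names) contrasts a link built directly from the Host header with one that first checks the header against a server allowlist. The host names, `ALLOWED_HOSTS`, `CANONICAL_HOST` and the function names are assumptions made for illustration.

```python
# Added example: constructed names, not product code or product settings.
ALLOWED_HOSTS = {"dc.example.com", "dc.example.com:9443"}  # hypothetical allowlist
CANONICAL_HOST = "dc.example.com:9443"                     # hypothetical fallback


def normalize_host(raw):
    """Lower-case the Host value and drop a trailing dot; None if malformed."""
    if not raw:
        return None
    host = raw.strip().lower()
    # Reject characters that have no place in host[:port].
    if any(c in host for c in " \t\r\n/\\@?#,"):
        return None
    name, sep, port = host.partition(":")
    # A non-numeric port is malformed (this also rejects IPv6 literals).
    if sep and not (port.isascii() and port.isdigit()):
        return None
    name = name.rstrip(".")
    if not name:
        return None
    return name + sep + port


def reset_link_unsafe(headers, token):
    """Vulnerable pattern: the link host is whatever the client sent."""
    return "https://%s/reset?token=%s" % (headers.get("Host", ""), token)


def reset_link_checked(headers, token):
    """Hardened pattern: use the Host value only if it is on the allowlist."""
    host = normalize_host(headers.get("Host"))
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST  # alternatively, reject the request with HTTP 400
    return "https://%s/reset?token=%s" % (host, token)
```

Falling back to a fixed canonical host keeps generated links and cached pages pointing at a known server even when the header is missing or unrecognized.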
Follow this procedure to prevent a host header injection attack on Decision Center and Rule Execution Server.