Fixes are available
PH11186: HTTP inbound channel custom properties 'trustedheaderorigin' and 'trustedSensitiveHeaderOrigin' do not work properly on Z/OS
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
On z/OS systems, the HTTP inbound channel custom properties trustedHeaderOrigin and trustedSensitiveHeaderOrigin are not honored even if set properly. Because of this, the private header processing controlled by those properties cannot be enabled.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All z/OS users of the HTTP channel in IBM * * WebSphere Application Server * **************************************************************** * PROBLEM DESCRIPTION: HTTP INBOUND CHANNEL CUSTOM * * PROPERTIES TRUSTEDHEADERORIGIN AND * * TRUSTEDSENSITIVEHEADERORIGIN DO NOT * * WORK PROPERLY ON Z/OS * **************************************************************** * RECOMMENDATION: * **************************************************************** On z/OS systems, the HTTP inbound channel's custom properties "trustedHeaderOrigin" and "trustedSensitiveHeaderOrigin" are not honored when set properly. As a result, the HTTP inbound channel does not process a subset of WAS-specific headers sent by proxy servers, despite how these properties are configured.
Problem conclusion
The configuration code for these properties has been corrected. The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.16 and 9.0.5.0. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH11186
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-04-17
Closed date
2019-05-13
Last modified date
2019-05-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
28 April 2022