IBM Support

PH33180: ENABLE TRUSTEDHEADERORIGIN TO BE CONFIGURED WITH HOSTNAMES AND IP SEGMENTS

APAR status

  • Closed as new function.

Error description

  • The existing HTTP transport channel custom properties
    trustedHeaderOrigin and trustedSensitiveHeaderOrigin should be
    configurable with hostnames and IP segments. As examples,
    "*.ibm.com", "1.2.3.*", "localhost", etc. should be accepted
    as valid trusted remote host configurations.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of the HTTP channel in IBM            *
    *                  WebSphere Application Server                *
    ****************************************************************
    * PROBLEM DESCRIPTION: The HTTP transport channel              *
    *                      properties trustedHeaderOrigin and      *
    *                      trustedSensitiveHeaderOrigin only       *
    *                      accept full IP addresses.               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The configuration properties
    trustedHeaderOrigin and trustedSensitiveHeaderOrigin are
    difficult to configure for complex networks.
    

Problem conclusion

  • The configuration properties trustedHeaderOrigin and
    trustedSensitiveHeaderOrigin have been updated to additionally
    accept IP wildcard segments and hostnames with wildcards. For
    example, "127.0.*.*, *.ibm.com" would be a valid configuration.
    
    The fix for this APAR is currently targeted for inclusion in
    fixpacks 21.0.0.2, 8.5.5.20, and 9.0.5.7.
    
    Please refer to the recommended updates page for delivery
    information:
    
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH33180

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-01-08

  • Closed date

    2021-03-17

  • Last modified date

    2021-03-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels


Document Information

Modified date:
18 March 2021