Diagnosing The Problem
Resolving The Problem
See the WebSphere Application Server information on security hardening, which provides specific instructions that must be followed to harden production environments.
- Navigate to Environment twisty -> Virtual Hosts -> Hosts -> default_host -> Host Aliases
- Replace “*” with the hostname and select the ports that will be part of this virtual host.
For example, ports 9080, 80, 9443, 5060, 5061, 443, 9081, 9444.
With the host aliases restricted to your specific host name, any subsequent Host header injection attempt will result in a 404 Not Found error, and redirection to the injected host will not occur.
If, for any reason, the above steps do not work, see http://publib.boulder.ibm.com/httpserv/ihsdiag/examples.html#unknownhost for alternative steps from the IBM HTTP Server team.
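To confirm the outcome described above (404 Not Found and no redirect to the injected host) on your own server after changing the host aliases, a check such as the following can be run. It is an added example, not IBM's code; the function names, the script name and the host name `unlisted.example.invalid` are hypothetical.

```python
"""Added example: check that a forged Host header gets 404 and no redirect."""
import http.client
import sys
from urllib.parse import urlsplit


def probe(host, port, forged_host, path="/", use_tls=False, timeout=5):
    """Send one GET whose Host header is forged_host; return (status, Location)."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        # skip_host=True stops http.client from adding its own Host header.
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", forged_host)
        conn.endheaders()
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def verdict(status, location, forged_host):
    """PASS only for the documented outcome: 404 and no redirect to the forged host."""
    forged_name = forged_host.split(":")[0].lower()
    redirect_name = (urlsplit(location).hostname or "") if location else ""
    if redirect_name == forged_name:
        return "FAIL: Location points at the forged host"
    if status == 404:
        return "PASS"
    return "REVIEW: status %d, expected 404" % status


def check(host, port, forged_host, use_tls=False):
    """Probe one port of your own server and classify the response."""
    status, location = probe(host, port, forged_host, use_tls=use_tls)
    return verdict(status, location, forged_host)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_host_alias.py <server> <port>")
    # "unlisted.example.invalid" is a constructed name that matches no host alias.
    print(check(sys.argv[1], int(sys.argv[2]), "unlisted.example.invalid"))
```

Run it once per HTTP port listed in the host aliases; a `FAIL` or `REVIEW` result means that port still answers for host names that are not in the alias list.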
08 August 2022