=== Host

{project_name} uses the request URL for a number of things, for example the URL sent in password reset emails.

By default, the request URL is based on the `Host` header, and there is no check to make sure that this URL is valid and
correct.

If you are not using a load balancer or proxy in front of {project_name} that prevents invalid host headers, you must
explicitly configure which URLs are accepted.

The following example only permits requests to `localhost.localdomain` or `localhost`:

[source,xml,subs="attributes+"]
----
<subsystem xmlns="{subsystem_undertow_xml_urn}">
    <server name="default-server" default-host="ignore">
        ...
        <host name="default-host" alias="localhost.localdomain, localhost">
            <location name="/" handler="welcome-content"/>
            <http-invoker security-realm="ApplicationRealm"/>
        </host>
    </server>
</subsystem>
----

Compared with the default configuration, this adds the attribute `default-host="ignore"` and updates the
attribute `alias`. `default-host="ignore"` prevents unknown hosts from being handled, while `alias` lists the
accepted hosts.

Here is the equivalent configuration using CLI commands:

[source,bash]
----
/subsystem=undertow/server=default-server:write-attribute(name=default-host,value=ignore)
/subsystem=undertow/server=default-server/host=default-host:write-attribute(name=alias,value=[localhost.localdomain, localhost])

:reload
----
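
To confirm that a server configuration file actually carries this hardening, the following added example (not part of the original documentation or of the project's code) audits the Undertow subsystem XML and reports whether unknown `Host` values would still be handled. The sample documents, the placeholder namespace, and the names `audit_undertow_hosts` and `local` are constructed for illustration. The audit assumes that an omitted `default-host` attribute means `default-host` and that unknown hosts are routed to the host that attribute names.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the original page). The namespace is a
# placeholder standing in for {subsystem_undertow_xml_urn}.
NS = "urn:placeholder:undertow"
DEFAULT_XML = f"""<profile><subsystem xmlns="{NS}">
  <server name="default-server">
    <host name="default-host" alias="localhost"/>
  </server>
</subsystem></profile>"""
HARDENED_XML = f"""<profile><subsystem xmlns="{NS}">
  <server name="default-server" default-host="ignore">
    <host name="default-host" alias="localhost.localdomain, localhost"/>
  </server>
</subsystem></profile>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_undertow_hosts(xml_text):
    """Return one finding per Undertow <server>: its default host, aliases, and
    whether requests with an unlisted Host header would still be handled."""
    findings = []
    for subsystem in ET.fromstring(xml_text).iter():
        if local(subsystem.tag) != "subsystem" or "undertow" not in subsystem.tag:
            continue
        for server in (e for e in subsystem if local(e.tag) == "server"):
            hosts = {}
            for host in (e for e in server if local(e.tag) == "host"):
                aliases = host.get("alias", "").split(",")
                hosts[host.get("name")] = [a.strip() for a in aliases if a.strip()]
            # Assumption: an omitted default-host attribute means "default-host".
            default_host = server.get("default-host", "default-host")
            findings.append({
                "server": server.get("name"),
                "default_host": default_host,
                "aliases": sorted(a for v in hosts.values() for a in v),
                # Assumption: unknown Host values fall through to the host named
                # by default-host, so a name with no matching <host> rejects them.
                "catch_all": default_host in hosts,
            })
    return findings


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_XML), ("hardened", HARDENED_XML)):
        for f in audit_undertow_hosts(doc):
            state = "accepts unknown hosts" if f["catch_all"] else "rejects unknown hosts"
            print(f"{label}: {f['server']} -> {state}; aliases={f['aliases']}")
```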