How to disable Host Header validation Check in TIBCO Enterprise Administrator (TEA)
Article ID: KB0073538
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Administrator (TEA) | 2.4.0 |
Description
TIBCO Enterprise Administrator (TEA ) version 2.4.0 has the fix to prevent Host Header Attack, as a result, if the host header hostname does not match with the tea server hostname, it will send HTTP 403 Forbidden error like below :
====================
HTTP ERROR 403 Request's Host header does not match with server's name
URI: /tea/
STATUS: 403
MESSAGE: Request's Host header does not match with server's name
SERVLET: -
=====================
====================
HTTP ERROR 403 Request's Host header does not match with server's name
URI: /tea/
STATUS: 403
MESSAGE: Request's Host header does not match with server's name
SERVLET: -
=====================
Issue/Introduction
How to disable Host Header validation Check in TIBCO Enterprise Administrator (TEA)
Environment
Product: TIBCO Enterprise Administrator
Version :2.4.0 HF01
OS: All
Resolution
For backward compatibility If you would like to disable the host header validation check, you can add the following property in the tea.conf file under <TEA_CONFIG_HOME>\tibco\cfgmgmt\tea\conf folder
tea.server.disablehostheaderverification=true
tea.server.disableoriginheaderverification=true
tea.server.disablerefererheaderverification=true
Note: TIBCO does not recommend disabling this check for security reasons.
tea.server.disablehostheaderverification=true
tea.server.disableoriginheaderverification=true
tea.server.disablerefererheaderverification=true
Note: TIBCO does not recommend disabling this check for security reasons.
Feedback
Yes
No
Powered by
