[jetty-users] How to prevent host header injection redirection in jetty

I have a filter in webdefault.xml. In the filter, I can compare the HOST header value with a list of trusted host values. If the value in the HOST header is not in the list, I fail the HTTP request. The problem is that when a 302 happens, the filter is not hit. For example, I have a web app, say myweb. http://host:port/myweb will be automatically redirected to http://host:port/myweb/ by Jetty. If the HOST header is injected in the HTTP request http://host:port/myweb, since the filter is not hit, the request will be redirected to a site specified in the HOST header value.

What can I do about this?

Thank you.
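An added example, not part of the original post and not code from the Jetty project: the same trusted-host check moved out of the webapp filter chain into a server-level handler, so it also runs for requests that never reach a filter. It assumes embedded Jetty 9.4 with `javax.servlet`; the class name `TrustedHostHandler`, the host names, the port and the WAR path are constructed for illustration.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.webapp.WebAppContext;

// Hypothetical handler: rejects requests whose host is not on the allowlist
// before any context handler (and its redirects) sees them.
public class TrustedHostHandler extends HandlerWrapper {
    private final Set<String> trustedHosts; // lower-case host names, no port

    public TrustedHostHandler(Set<String> trustedHosts) {
        this.trustedHosts = trustedHosts;
    }

    @Override
    public void handle(String target, Request baseRequest, HttpServletRequest request,
                       HttpServletResponse response) throws IOException, ServletException {
        // getServerName() is the host the container resolved for this request
        // (Host header or absolute request URI), without the port.
        String host = request.getServerName();
        if (host == null || !trustedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Untrusted host");
            baseRequest.setHandled(true); // stop here; wrapped handlers never run
            return;
        }
        super.handle(target, baseRequest, request, response);
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080);                 // constructed port
        WebAppContext myweb = new WebAppContext();
        myweb.setContextPath("/myweb");
        myweb.setWar("webapps/myweb.war");                // constructed path

        // Constructed allowlist; replace with the names the site is served under.
        TrustedHostHandler guard =
            new TrustedHostHandler(Set.of("www.example.com", "localhost"));
        guard.setHandler(myweb);                          // guard wraps the context
        server.setHandler(guard);

        server.start();
        server.join();
    }
}
```

With this wiring, a request for `/myweb` carrying a host outside the allowlist receives a 400 from the wrapper instead of reaching the context that issues the redirect to `/myweb/`.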