Let me explain better: Today, I am working on a pen test issue about Host header poisoning. In this case, every time the user sends us a request with a different Host header, I can capture the request and provide the correct answer by implementing a Filter set in the web.xml file. But in a specific situation (when the timeout occurs and there is a sequence of a correct request and a poisoned request), the Liberty server redirects responses and does not pass through any of my filters. In this situation the Location response header can be poisoned by the Host request header in HTTP. Has anyone seen something like that before? Is it possible to make the Liberty Location response header field be set as relative and not include a full address?