You can use the following stanza:
[validate-headers]
# This stanza is used to list those headers which should be validated
# on each request. The format of each configuration entry is:
#
# <hdr> = <value>
#
# For example to ensure all requests are from
www.ibm.com set:
#
# host =
www.ibm.com#
# If multiple headers of the same name are configured, the corresponding
# header in the request must match one of the configured values.
host = a.b.com
A request with a host header of anything else will return a 400 Bad Request. Note, if you set one then you have to set for each and every possible host that can be used, i.e. all virtual host junctions.
------------------------------
Nick
ISAM Level II Support
------------------------------
Original Message:
Sent: Sat August 24, 2019 12:29 PM
From: Jahanzaib Sarwar
Subject: WebSEAL Restrict Login with IP instead of FQDN
Hello All,
When we access webseal using IP address instead of FQDN, the browser gives SSL error and allows us to ignore and continue.
If we want to force users to use FQDN to access webseal, is it possible using any default configuration within ISAM? Like, if the user is accessing the webseal using IP, is there some configuration entry to detect and block, and/or redirect using FQDN?
I believe we can do it using other ways like redirecting with javascript or html meta tag on the login page itself, or may be some other ways within ISAM, but I was thinking if there is a default functionality in webseal to cater for this?
Best regards,
------------------------------
Jahanzaib Sarwar
------------------------------