WebSphere Application Server & Liberty

  • 1.  WAS and HttpHostHeaderInjectionFilter problem

    Posted Fri January 20, 2023 09:41 AM
    Hey all,

    Some details first:

    WAS installed on Windows Server 2016
    WAS Plugin installed on CentOS 7 with apache
    WAS Plugin installed on Rocky Linux with apache
    I didn't install the Win or CentOS servers and have no experience with WebSphere but managed to get the plugin installed on Rocky.

    The CentOS 7 box is our existing reverse proxy to the WAS Win Server.  I want to replace it with the Rocky box.

    I have the plugin installed on the Rocky box but when I browse to it I get Error 400: Request contains invalid Host header.

    In the WebSphere logs on the Win Server I see this:
    [WebContainer : 0] {[]} ERROR filter.HttpHostHeaderInjectionFilter- Http Host Header value [server ip] does not match any value in the valid hosts white list

    I have had a look for this white list but cannot find it in the WebSphere admin console.  I looked under the Web Container Transport Chains area as there are some Exclude/Include Address/Hostname fields but they are all empty.  There must be somewhere where the existing CentOS 7 box is white listed.

    Can someone advise where the white list may be located?



    jer cos

  • 2.  RE: WAS and HttpHostHeaderInjectionFilter problem

    IBM Champion
    Posted Fri January 20, 2023 10:55 AM


    I think what you are referring to is adding the host:


    Good Luck

    Largou walid

  • 3.  RE: WAS and HttpHostHeaderInjectionFilter problem

    Posted Sun January 22, 2023 10:32 PM
    Hi Largou, our Host Names for the Host Aliases for the Virtual Hosts are all asterisks (*).  I assume this means allow any host to connect?

    jer cos

  • 4.  RE: WAS and HttpHostHeaderInjectionFilter problem

    Posted Wed February 01, 2023 01:28 AM
    Does anyone have any idea where this white list could be?

    I also note this message before the error I mentioned previously:

    INFO filter.AbstractAccessPolicyFilter - Loading access policy file: '/access.policy'

    jer cos

  • 5.  RE: WAS and HttpHostHeaderInjectionFilter problem

    Posted Thu February 09, 2023 05:58 PM

    Aha!  After some more looking around it appears that the HttpHostHeaderInjectionFilter is a custom filter built by the application developer.  I found where the hosts were specified within the application itself, edited that and it's working!

    jer cos
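
For readers who hit the same 400, the kind of check an application-level Host header filter performs is sketched below. This is an added example, not code from the thread or from the application discussed; the class name, method names and host values are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Hypothetical sketch of a Host header allowlist check (not the thread's filter).
public class HostAllowlistCheck {

    // Constructed allowlist: the only names clients are expected to send in Host.
    static final Set<String> VALID_HOSTS = Set.of("app.example.com", "oldproxy.example.com");

    // Lower-case the value and strip an optional port so "App.Example.com:443"
    // compares equal to "app.example.com". Returns null for unusable values.
    static String normalize(String hostHeader) {
        if (hostHeader == null) return null;
        String h = hostHeader.trim().toLowerCase(Locale.ROOT);
        if (h.isEmpty()) return null;
        if (h.startsWith("[")) {                 // bracketed IPv6 literal, e.g. [::1]:9080
            int end = h.indexOf(']');
            return end < 0 ? null : h.substring(0, end + 1);
        }
        int colon = h.indexOf(':');
        if (colon >= 0) h = h.substring(0, colon);
        return h.isEmpty() ? null : h;           // a value such as ":80" has no host part
    }

    // In a servlet filter this decision would choose between passing the request
    // down the chain and sending a 400; here it only returns the status code.
    static int statusFor(String hostHeader) {
        String host = normalize(hostHeader);
        // Exact match only: anything not listed is rejected by default.
        return (host != null && VALID_HOSTS.contains(host)) ? 200 : 400;
    }

    public static void main(String[] args) {
        // Constructed Host values, including a bare IP address like the one logged above.
        List<String> samples = List.of("app.example.com", "APP.example.com:443",
                "192.0.2.10", "newproxy.example.com", "");
        for (String h : samples) {
            System.out.printf("Host: %-26s -> %d%n", "[" + h + "]", statusFor(h));
        }
    }
}
```

With a check like this inside the application, the virtual host aliases in the admin console play no part in the decision, so a new proxy name or a bare IP address in the Host header is rejected until it is added to the application's own list.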