Reputation: 1
Apache OFBiz; Issue
The following is the issued i encountered:
https://localhost:8443/accounting/control/main this URL is working https://127.0.0.1:8443/accounting/control/main this URL is working https://w2019-dc:8443/accounting/control/main this URL is not working with the following message | ERROR MESSAGE org.apache.ofbiz.webapp.control.RequestHandlerException: Domain w2019-dc not accepted to prevent host header injection https://192.168.1.254:8443/accounting/control/main this URL is not working with the following message | ERROR MESSAGE org.apache.ofbiz.webapp.control.RequestHandlerException: Domain w2019-dc not accepted to prevent host header injection
I need your advise.
Upvotes: 0
Views: 2510
Answers (2)
Reputation: 611
If your domains names follow a pattern it's possible for you to add the necessary unless you are unable coding. Then better create an OFBiz Jira: https://issues.apache.org/jira/projects/OFBIZ?selectedItem=com.atlassian.jira.jira-projects-plugin%3Asummary-page
Upvotes: 0
Reputation: 611
you need to add w2019-dc (or any other used domains) in the host-headers-allowed list property in security.properties file.
See https://issues.apache.org/jira/browse/OFBIZ-11583 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12425 for details
Upvotes: 1
Related Questions
- Ofbiz: Unable to establish a connection with the database for helperName [localmysql]
- Unable to access new OFBiz 16.11 plugin
- Apache OfBiz Execution issues
- Unable to run Ofbiz POS
- Error when starting Apache OFBiz: "java.net.BindException: Address already in use"
- Apache POI exception in Apache OFBiz
- Deploying OFBiz on External Application Server
- Understanding permissions and security in ofbiz : Not able to access application
- Getting ScreenRenderException while running OfBiz
- Error while calling OfBiz service