Fixes are available
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
APAR status
Closed as program error.
Error description
Add simpler way to reject unknown hostnames
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server 9.0 * **************************************************************** * PROBLEM DESCRIPTION: Need simpler way to reject unknown * * hostnames * **************************************************************** * RECOMMENDATION: Apply this fix * **************************************************************** By default, the server will respond to requests for any hostname, including requests addressed to unexpected or unconfigured hostnames. While this is convenient, it is sometimes desirable to limit what hostnames a backend application handles since it will often generate self-referential responses.
Problem conclusion
A StrictHostCheck directive was added. If set to ON, the server will return an HTTP 400 error if the requested hostname hasn't been explicitly listed by either ServerName or ServerAlias in the virtual host that best matches the details of the incoming connection. The directive also allows matching of the requested hostname to hostnames specified within the opening VirtualHost tag, which is a relatively obscure configuration mechanism that acts like additional ServerAlias entries. This fix is targeted for IBM HTTP Server fix packs: - 9.0.0.11
Temporary fix
Comments
APAR Information
APAR number
PH02406
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-09-06
Closed date
2019-03-25
Last modified date
2019-03-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
07 September 2022