IBM Support

How to Prevent Server Side Request Forgery in the IBM InfoSphere Optim Solutions Web Applications Version 11.7.0.1

How To


Summary

The ability to prevent Server Side Request Forgery has been added to the IBM InfoSphere Optim Solutions Web Applications in the 11.7.0.1 release.

Objective

The objective is to prevent Server Side Request Forgery attacks in the Optim Solutions Web Applications. This is accomplished by adding known hosts to an allowlist so that requests from unknown hosts can be rejected.

Environment

After installing Optim 11.7.0.1, that is 11.7.0 Fix Pack 1, an error will be received when using the Optim Connection Manager.
 
The following error occurs when performing Test Connection from any of the following in Optim Connection Manager:
 
  • Create a new Optim Directory
  • Create a new Startup Connection
  • Edit an Optim Directory
  • Reconfigure OCM
 
The host xxxxxx is not in the whitelist and cannot be accessed from Optim Connection Manager. Specify a different host or IP address, or ask your web administrator to update the whitelist.
 
The following error occurs when performing Test Connection on an existing Optim Directory in Optim Connection Manager:
 
The host xxxxxx specified for Optim directory yyyyyy is not in the whitelist and cannot be accessed from Optim Connection Manager. Test Connection failed.

Steps


To fix this issue, list the hostnames or IP addresses of the hosts that Optim Connection Manager should be allowed to access in an allowlist file; Optim then allows access only to the hosts in that file.
Here are the instructions to set up and use the allowlist:
  1. Set up an allowlist hosts file
    1. Create a file and add the host entries (one entry per line).
      For example, to set up an allowlist for two host entries (localhost and 127.0.0.1), create a DNSAllowList.txt file in c:\temp and add the following two entries:

      localhost
      127.0.0.1
  2. Edit the jvm.options file in the OptimWebServer directory (<optim-install-path>\shared\Liberty\usr\servers\OptimWebServer).
    1. Remove the # at the start of the following line to uncomment it.
       
      #-DwhiteListDNSHostFile=<full path to the whitelist file>
    2. Specify the full path to the DNSAllowList.txt file created above.
       
      -DwhiteListDNSHostFile=c:\temp\DNSAllowList.txt
  3. Restart Liberty.
After performing the above steps, specifying any host other than localhost or 127.0.0.1 when performing any of the following in Optim Connection Manager will cause one of the two errors mentioned above:
  • Create a new Optim Directory
  • Create a new Startup Connection
  • Edit an Optim Directory
  • Reconfigure OCM
  • Test Connection
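The allowlist check described above, written out as an added illustration (this is not Optim's own code): it reads a one-host-per-line file in the DNSAllowList.txt format and rejects any requested host that is not listed, producing the two messages quoted in this document. The normalization rules (trim whitespace, ignore blank lines, compare hostnames case-insensitively, no DNS resolution, so localhost and 127.0.0.1 are separate entries exactly as in the example above) are assumptions made for the illustration, not documented Optim behaviour.

```python
"""Illustrative host-allowlist check (added example, not Optim's code).

Assumed rules: one host per line, blank lines ignored, entries trimmed and
compared case-insensitively, no DNS lookups: an IP literal and a hostname
are distinct entries, which is why the page lists both localhost and 127.0.0.1.
"""
import tempfile
from pathlib import Path


def load_allowlist(path):
    """Read a DNSAllowList.txt-style file into a set of normalized hosts."""
    hosts = set()
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        entry = line.strip()
        if entry:                      # skip blank lines
            hosts.add(entry.lower())
    return hosts


def check_host(host, allowlist, directory=None):
    """Return (allowed, message); messages mirror the two errors on the page."""
    if host.strip().lower() in allowlist:
        return True, ""
    if directory is None:
        msg = (f"The host {host} is not in the whitelist and cannot be accessed "
               "from Optim Connection Manager. Specify a different host or IP "
               "address, or ask your web administrator to update the whitelist.")
    else:
        msg = (f"The host {host} specified for Optim directory {directory} is "
               "not in the whitelist and cannot be accessed from Optim "
               "Connection Manager. Test Connection failed.")
    return False, msg


# Constructed sample allowlist matching the two-entry example in the page.
SAMPLE_ALLOWLIST = "localhost\n127.0.0.1\n"


def demo():
    """Write the sample allowlist to a temp file and check a few hosts."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "DNSAllowList.txt"
        path.write_text(SAMPLE_ALLOWLIST, encoding="utf-8")
        allowed = load_allowlist(path)
    # db01.example.com is a constructed, unlisted host and must be rejected.
    probes = ("localhost", "LOCALHOST", "127.0.0.1", "db01.example.com")
    return {h: check_host(h, allowed)[0] for h in probes}


if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host}: {'allowed' if ok else 'rejected'}")
```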

Document Location

Worldwide


Document Information

Modified date:
10 April 2023

UID

ibm16956531