HTTP Request Referrer Header Validation
The host name in the referrer header of an incoming HTTP request is compared with the name of the server on which the WebApp is hosted to determine whether the HTTP request is valid.
To allow an HTTP request from a domain other than the server on which a WebApp is hosted, add the domain to the allowed referrers list using the com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers node-level JVM property and restart the node. For more information about setting a JVM property of a node, see JVM Configuration of a Node.
Setting the JVM Property Through the TIBCO ActiveMatrix Administrator UI
- Navigate to Infrastructure > Nodes > Configuration > JVM Configuration.
- Click Add.
- Add the Java property com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers in the Property column and add the domain in the Value column.
- Click Save.
- Click Install/Sync.
- Restart the TIBCO ActiveMatrix runtime node.
Setting the JVM Property in the Node's TRA File
- Add the Java property com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers in the TIBCO ActiveMatrix runtime node's TRA file as shown in the following example:
  java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=accounts.google.com,facebook.com
- Restart the TIBCO ActiveMatrix runtime node.
If you add a domain as an allowed referrer, subdomains of the domain also become valid referrers.
For example: If you add the domain google.com as an allowed referrer, the subdomains accounts.google.com and mail.google.com also become valid referrers.
If an HTTP 400 invalid referrer header error occurs in a response, ensure that the domain in the referrer header is added to the allowed referrers list.
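To preview which referrers a given allow list would admit before restarting a node, the following added example (not TIBCO code) parses the property from TRA file text and applies the rule described above. The server name, the sample Referer values and the function names are constructed for illustration, and the label-boundary subdomain match and the handling of an unparsable value are assumptions.

```python
from urllib.parse import urlsplit

# Property key as it appears in the node's TRA file (from the page).
PROP = ("java.property.com.tibco.amf.hpa.tibcohost.jetty."
        "httpconnector.allowed.referers")

# Constructed sample: the TRA line shown on the page, plus a placeholder line.
SAMPLE_TRA = """\
example.other.setting=1
java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=accounts.google.com,facebook.com
"""


def parse_allowed_referers(tra_text):
    """Return the allowed referrer domains configured in TRA file text."""
    domains = []
    for line in tra_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP:
            domains = [d.strip().lower() for d in value.split(",") if d.strip()]
    return domains


def referer_allowed(referer, server_name, allowed):
    """Model of the documented rule, for previewing an allow list.

    Assumptions: subdomains match on a label boundary ("." + domain), and a
    value with no parsable host does not match. The page states neither.
    """
    host = urlsplit(referer).hostname  # lower-cased, port stripped
    if not host:
        return False
    if host == server_name.lower():
        return True  # same host as the server hosting the WebApp
    return any(host == d or host.endswith("." + d) for d in allowed)


def preview(referers, server_name, tra_text=SAMPLE_TRA):
    """Map each sample Referer value to True (accepted) or False (HTTP 400)."""
    allowed = parse_allowed_referers(tra_text)
    return {r: referer_allowed(r, server_name, allowed) for r in referers}


if __name__ == "__main__":
    samples = ["https://accounts.google.com/signin", "https://mail.google.com/",
               "https://www.facebook.com/login", "https://notfacebook.com/"]
    for ref, ok in preview(samples, "amx.example.internal").items():
        print("accept" if ok else "HTTP 400", ref)
```

With the page's example value, mail.google.com is rejected because only accounts.google.com is listed; listing google.com instead would admit every subdomain, so list the narrowest domain that the WebApp needs.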