HTTP Request Referrer Header Validation

The host name in the referrer (HTTP Referer) header of an incoming HTTP request is compared with the name of the server on which the WebApp is hosted to determine whether the request is valid.

To allow an HTTP request from a domain other than the server on which a WebApp is hosted, add the domain to the allowed referrers list using the com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers node-level JVM property and restart the node. For more information about setting a JVM property of a node, see JVM Configuration of a Node.

Setting the JVM property through the TIBCO ActiveMatrix Administrator UI
  1. Navigate to Infrastructure > Nodes > Configuration > JVM Configuration.
  2. Click Add.
  3. Add the Java property com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers in the Property column and add the domain in the Value column.
  4. Click Save.
  5. Click Install/Sync.
  6. Restart the TIBCO ActiveMatrix runtime node.

Setting the JVM property in the node's TRA file
  1. Add the Java property com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers in the TIBCO ActiveMatrix runtime node’s TRA file as shown in the following example:

    java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=accounts.google.com,facebook.com
  2. Restart the TIBCO ActiveMatrix runtime node.

If you add a domain as an allowed referrer, subdomains of the domain also become valid referrers.

For example:

If you add the domain google.com as an allowed referrer, the subdomains accounts.google.com and mail.google.com also become valid referrers.

Note: If an HTTP 400 invalid referrer header error occurs in a response, ensure that the domain in the referrer header is in the allowed referrers list.
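
The matching rules described above, as an added example for troubleshooting the HTTP 400 error (not TIBCO's code): it reads the allowed referrers property from TRA text and reports whether a given referrer header would pass. The function names, the sample TRA content and the server name amx.example.internal are constructed; matching subdomains only on a dot boundary and rejecting a missing referrer are assumptions the page does not confirm.

```python
from urllib.parse import urlsplit

# Property name as written in the node's TRA file (from the page).
PROP = "java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers"

# Constructed sample TRA text; only the allowed.referers line comes from the page.
SAMPLE_TRA = """\
# constructed sample, not a real node TRA file
java.property.sample.other=value
java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=accounts.google.com,facebook.com
"""

def allowed_referers_from_tra(tra_text):
    """Return the domains listed in the allowed-referers property, lowercased."""
    for line in tra_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == PROP:
            return [d.strip().lower().rstrip(".") for d in value.split(",") if d.strip()]
    return []

def referer_host(referer):
    """Host name of a Referer header value, or None if it has no usable host."""
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def is_valid_referer(referer, server_name, allowed):
    host = referer_host(referer)
    if host is None:
        return False  # assumption: a missing or unparsable Referer is invalid
    if host == server_name.lower():
        return True   # same host as the server on which the WebApp is hosted
    # Assumption: a subdomain matches only on a label boundary, so
    # www.facebook.com matches facebook.com but notfacebook.com does not.
    return any(host == d or host.endswith("." + d) for d in allowed)

if __name__ == "__main__":
    allowed = allowed_referers_from_tra(SAMPLE_TRA)
    for ref in ("https://accounts.google.com/signin", "https://mail.google.com/",
                "https://www.facebook.com/login", "https://notfacebook.com/"):
        print(ref, "->", is_valid_referer(ref, "amx.example.internal", allowed))
```

With the TRA value shown earlier, mail.google.com is not accepted because only accounts.google.com is listed; listing google.com instead would cover both subdomains.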