How to whitelist hosts in OHS 12.2.1.2
We have an SSO setup where applications are protected under an OAM application domain.
OHS Webgate intercepts requests based on the application context root and, upon successful authentication, routes the request to the ADF managed server host where the application is deployed. We need to know how host header attacks can be tackled (allow only requests where the host header is not modified or tampered with) by using the httpd.conf rules.
The Oracle note 2356329.1 suggests the below:
"
For example, this RewriteCond just blocks erroneous requests being handled by the VirtualHost:
<VirtualHost *:40745>
ServerName abcdev.domain.com
ServerAdmin you@your.address