UMP Host Header Validation

In UMP, when a user changes the hostname value in the UMP API and runs it, the API response shows a success message, 200 OK. Instead of the success message, the response should have thrown an error, To restrict this behavior, you can add a list of UMP hostnames to ensure that when any user tries to change the listed hostname value in the API, the response displays an appropriate error instead of the success response.
uim902
In UMP, when a user changes the hostname value in the UMP API and runs it, the API response shows a success message, 200 OK. Instead of the success message, the response should have thrown an error, To restrict this behavior, you can add a list of UMP hostnames to ensure that when any user tries to change the listed hostname value in the API, the response displays an appropriate error instead of the success response.
Follow these steps:
  1. Deactivate the wasp probe.
  2. Open the 
    <Nimsoft>\probes\service\wasp\webapps\ROOT\WEB-INF\web.xml
     file in an editor.
  3. Locate and uncomment the following section:
    <filter>
      <filter-name>HostHeaderFilter</filter-name>
      <filter-class>com.liferay.portal.kernel.servlet.filters.invoker.HostHeaderFilter</filter-class>
    </filter>
    <filter-mapping>
     <filter-name>HostHeaderFilter</filter-name>
     <url-pattern>/*</url-pattern>
    </filter-mapping>
  4. Save the changes.
  5. Open the 
    <Nimsoft>\probes\service\wasp\webapps\ROOT\WEB-INF\classes\portal-ext.properties
     file in a text editor.
  6. Add a comma-separated list of UMP hostnames to the following parameter:
    • host.header.list
  7. When anyone tries to change 
  8. Save the changes.
  9. Restart the wasp probe. 
Now, when any user tries to change the value of any listed hostname that is present in this list, an error is thrown.