Skip to main content
Version: Release 23.1

HTTP Host Header Protection

To improve security, Digital.ai Release 23.1 and later, includes measures to prevent HTTP Host Header Injection attacks from causing random redirects. You can now add the white-listed host names to the hostnames key in the xl-release.conf file.

Configuration Example for White-listed Hostnames in the xl-release.conf File

xl {
server.http {
allowed-hosts {
enabled = true
hostnames = ["localhost"]
}
}
}