HTTP Host Header Protection
To improve security, Digital.ai Release 23.1 and later include measures to prevent HTTP Host Header Injection attacks from causing random redirects. You can now add the white-listed host names to the hostnames key in the xl-release.conf file.
Configuration Example for White-listed Hostnames in the xl-release.conf File
xl {
  server.http {
    allowed-hosts {
      # turn the allowed-hosts check on
      enabled = true
      # white-listed host names
      hostnames = ["localhost"]
    }
  }
}
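
The following sketch is an added example, not code from Digital.ai Release. It shows the kind of exact-match check an allowed-hosts list implies, and why a redirect should only be built from a Host value that passed it. The function names, the sample Host values, and the behaviour when enabled is false are assumptions made for illustration.

```python
import re

# Added illustration, not Digital.ai Release code; all names here are hypothetical.
ALLOWED_HOSTS = {"localhost"}  # mirrors hostnames = ["localhost"] in the config

# Hostname labels only; values with '@', '/', spaces or IPv6 brackets fail closed.
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?P<host>{_LABEL}(\.{_LABEL})*)\.?(:(?P<port>\d{{1,5}}))?$")


def normalize_host(header_value):
    """Return the lowercased hostname (port and trailing dot removed) or None."""
    m = _HOST_RE.match((header_value or "").strip().lower())
    if not m:
        return None
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return m.group("host")


def is_allowed(header_value, allowed=ALLOWED_HOSTS, enabled=True):
    """Exact-match allow-list check. Assumption: enabled=False skips the check."""
    if not enabled:
        return True
    host = normalize_host(header_value)
    return host is not None and host in allowed


def redirect_location(header_value, path, allowed=ALLOWED_HOSTS):
    """Build an absolute redirect only from an allowed Host; otherwise None."""
    if not is_allowed(header_value, allowed):
        return None  # the caller would return an error instead of redirecting
    return f"http://{header_value.strip().lower()}{path}"


if __name__ == "__main__":
    # Constructed sample Host header values
    for sample in ["localhost", "LOCALHOST:8080", "localhost.evil.example", "localhost@evil.example"]:
        print(f"{sample!r:28} allowed={is_allowed(sample)} redirect={redirect_location(sample, '/login')}")
```

Note that "localhost.evil.example" is refused: the comparison is against the whole normalized name, not a prefix or substring of it.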