Hi, On Fri, Sep 27, 2019 at 4:08 PM Xiao Li <[email protected]> wrote: > > I have a filter in webdefault.xml. In the filter, I can compare HOST header > value with a list of trusted host values. If the value in HOST header is not > in the list, I fail the http request. The problem is that when 302 happens, > the filter is not hit. For example, I have a web app say myweb. > http://host:port/myweb will be automatically redirected to > http://host:port/myweb/ by jetty. If HOST header is injected in http request > http://host:port/myweb, since the filter is not hit, the request will be > redirected to a site specified in HOST header value. >
Jetty would not know where to redirect to, unless you have configured some Jetty Handler that does that. If that is the case, then your option is to use a Jetty Handler in front of the others (rather than a Filter) to perform your Host header checks. Alternatively, you remove the redirecting Jetty Handler and do everything from Filters: one that does Host header checks, and a following one that does redirection. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
