Thank you very much! On Fri, Sep 27, 2019 at 10:41 AM Simone Bordet <[email protected]> wrote:
> Hi, > > On Fri, Sep 27, 2019 at 4:08 PM Xiao Li <[email protected]> wrote: > > > > I have a filter in webdefault.xml. In the filter, I can compare HOST > header value with a list of trusted host values. If the value in HOST > header is not in the list, I fail the http request. The problem is that > when 302 happens, the filter is not hit. For example, I have a web app say > myweb. http://host:port/myweb will be automatically redirected to > http://host:port/myweb/ by jetty. If HOST header is injected in http > request http://host:port/myweb, since the filter is not hit, the > request will be redirected to a site specified in HOST header value. > > > > Jetty would not know where to redirect to, unless you have configured > some Jetty Handler that does that. > If that is the case, then your option is to use a Jetty Handler in > front of the others (rather than a Filter) to perform your Host header > checks. > Alternatively, you remove the redirecting Jetty Handler and do > everything from Filters: one that does Host header checks, and a > following one that does redirection. > > -- > Simone Bordet > ---- > http://cometd.org > http://webtide.com > Developer advice, training, services and support > from the Jetty & CometD experts. > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
