Symptom
- The X-Forwarded-Host header must be validated in a BTP Approuter application to mitigate possible vulnerabilities, such as open redirect.
- The ENABLE_X_FORWARDED_HOST_VALIDATION environment variable was defined in the Approuter, but a request with a modified X-Forwarded-Host header returns 301 instead of, for example, a 404 or 500.
Environment
SAP BTP, Cloud Foundry runtime and environment
Product
SAP BTP, Cloud Foundry runtime and environment 1.0
Keywords
x-forwarded-host, vulnerability, open redirect, client side url redirect, redirection, environment variable, approuter, x-forwarded-server-, x-host, ENABLE_X_FORWARDED_HOST_VALIDATION, KBA, BC-CP-APR, SAP BTP Application Router, How To
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).