Reason for the “WARN :Possible HOST Header Attack is identified. Hence, rewriting to default host in configuration.” — WSO2 APIM

Image reference [2]
WARN {JAGGERY.site.pages.list-apis:jag} -  Possible HOST Header Attack is identified. Hence, rewriting to default host in configuration. site.reverseProxy.enabled = false {JAGGERY.site.pages.list-apis:jag}

Sometimes we can see users are telling as “it is taking a long time to load the store portal, and the above warning is printing repeated manner in the log file.” Then they feel the slowness of the Store.

The slowness of a server can create due to the below reasons.

However, if someone tells a slowness of APIM store, other than the above reasons, please check the log file whether it has printed the above warning log repeated manner.

This warning is appearing when you try to access API Store with a host which is not whitelisted, or is not specified in <API-M_HOME>/repository/conf/carbon.xml. Due to this APIM Store loading become slow.

To overcome this issue, you need to whitelist that particular IP address(which not mentioned in the carbon.xml file) on the “site.json” file in the “<API-M_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json “ directory as follows.

"whiteListedHostNames": ["IP_Address"]

Then this should configure both IP addresses which set in the carbon.xml file and the other IP address which you used to access the Store. You can refer to this document[1] to aware of this.

I hope this will be a useful blog for you. Appreciate your claps and will meet with another blog soon :)

[1]. https://docs.wso2.com/display/AM260/Whitelisting+Hostnames+for+API+Store

[2]. https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/

Senior Software Engineer at WSO2