Advanced: Host Header Validation

Use the Security > Advanced > Host Header Validation options to enhance security of incoming HTTP traffic in Ivanti EPMM, by validating HTTP host headers. When you enable this feature, incoming HTTP host headers must contain either the specified internal hostname or the allowed external hostnames.

This section includes the following topics:

• Selecting host header validation
• Strict Host Header Validation options

Selecting host header validation

Procedure 

To validate host headers in your Ivanti EPMM HTTP traffic:

1. Log into System Manager.
2. Go to Security > Advanced > Host Header Validation.
3. Go to the Strict Host Header Validation options.

4. Modify the fields, as necessary.

   Refer to Strict Host Header Validation options table for more information.

5. Click Apply > OK.

Strict Host Header Validation options

The following table summarizes the Strict Host Header Validation options:

Table 30.  Strict Host Header Validation Options

Fields	Description
Enable Strict Host Header Validation	Check this option to enable HTTP host header validation.
Internal Server Names	The internal server name is displayed.
External Server Name	(Optional) Specify one or more external server names that are trusted in the HTTP host header.