Close HTTPEnableConnectorHeaders Username w/o Password

Mindwatering Incorporated

Author: Tripp W Black

Created: 11/23/2015 at 06:49 PM

 

Category:
Domino Upgrades / Installations
Software (Re)Configuration

Issue:
HTTPEnableConnectorHeaders=1 enables Domino behind a reverse proxy, e.g. IBM HTTP Server, to accept and understand some predefined HTTP request header fields. One of those is $WSRU - The remote user specified for the given request. This means that if the proxy server passes a username, Domino accepts the authentication with only the username/ID in the $WSRU field. No password needed.

Solution:
Update the notes.ini with:
HTTPEnableConnectorHeaders=0


previous page