.. _web-hosts-commands: Web Hosts Commands ------------------------ .. index:: web;web hosts .. _21.3-PB2|EKB-13206: In order to manage the location HTTP header in HTTP redirect responses to only include safe hosts, the **web hosts** command can be used with the required parameters. This feature protects against host header injection during the ``http`` -> ``https`` redirect upon login to VOSS Automate. The value supplied in the Host header is contained in the HTTP redirect response in the ``Location`` HTTP header. The following Command Line Interface console display shows the available commands for web hosts. :: web hosts add - Add the hostname to the allowed hosts web hosts del - Delete the hostname from the allowed hosts web hosts disable - Disables the allowed hosts feature web hosts enable - Enables the allowed hosts feature, which blocks requests with unrecognised HOST headers web hosts list - Displays the additional allowed hosts Enable the feature ................... :: $ web hosts enable Enabling the allowed hosts feature requires the web server. Do you wish to continue? y Allowed hosts enabled: true hosts: value not set Restarting nginx for settings to take effect Application nginx processes stopped. Application services:firewall processes stopped. Reconfiguring applications... Application nginx processes started. After the feature is enabled and no hosts specified, the web server closes the connection. Add and Delete a ............................ In this example, the hostname ``atlantic.net`` is added. :: $ web hosts add atlantic.net Adding a new allowed host requires the web server to be restarted. Do you wish to continue? y Allowed hosts enabled: true hosts: atlantic.net Restarting nginx for settings to take effect Application nginx processes stopped. Application services:firewall processes stopped. Reconfiguring applications... Application nginx processes started. .. note:: For hostname format, refer to for example: RFC 1035, RFC 2181 and RFC 4343. To remove a hostname from the list (example is ``atlantic.net``): :: $ web hosts del atlantic.net Listing host names .................... Use the **web hosts list** command to show status and list all safe hosts that can be in the ``Location`` HTTP header. :: $ web hosts list Allowed hosts enabled: true hosts: atlantic.net Disabling the feature ...................... The feature can be disabled with the **web hosts disable** command. This will disable port 80 on the web server completely. :: $ web hosts disable Disabling the allowed hosts feature requires the web server to be restarted. Do you wish to continue? y Allowed hosts enabled: false hosts: value not set Restarting nginx for settings to take effect Application nginx processes stopped. Application services:firewall processes stopped. Reconfiguring applications... Application nginx processes started.