
Preventing Host Header Attacks

FICO® Xpress Insight can be configured to permit access only through the configured URL, rejecting requests that use the direct IP address, an alternative host name, or localhost. This prevents a type of attack known as a Host Header Attack.
To protect Xpress Insight from a Host Header attack, complete the following steps:
  1. Use a text editor to open the file at \xpressmp\insight\server\wildfly-x.y.z.Final\standalone\configuration\standalone.xml. Within standalone.xml, find the section that contains the following text: <subsystem xmlns="urn:jboss:domain:undertow...>
  2. Add the following filter-ref element to the end of the <host> section, replacing insight.example.com:8443 with the hostname and port that users must use to access the service:
    <filter-ref name="host-check" predicate="not(equals(%{i,host}, 'insight.example.com:8443'))"/>
  3. Within standalone.xml, add the following expression-filter element to the end of the <filters> section:
    <expression-filter name="host-check" expression="response-code(503)"/>
  4. Restart the Xpress Insight service.

Result

These configuration settings allow Xpress Insight to be served as expected on https://insight.example.com:8443/, but it will respond with 503 Service Unavailable if a user attempts to access Insight on any other URL, such as https://localhost:8443/.
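The following is an added example, not part of the FICO documentation or the Xpress Insight product: an offline check that a standalone.xml contains the filter-ref and expression-filter from the steps above, wired to the same name and to the expected host:port. The embedded standalone.xml is a constructed minimal sample, and the undertow namespace version in it is assumed; the check matches only on the namespace prefix so it applies to other WildFly releases.

```python
import re
import xml.etree.ElementTree as ET

# Constructed minimal standalone.xml; the undertow namespace version varies by WildFly release.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:10.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:8.0">
      <server name="default-server">
        <host name="default-host" alias="localhost">
          <filter-ref name="host-check"
                      predicate="not(equals(%{i,host}, 'insight.example.com:8443'))"/>
        </host>
      </server>
      <filters>
        <expression-filter name="host-check" expression="response-code(503)"/>
      </filters>
    </subsystem>
  </profile>
</server>
"""

# Captures the permitted host:port from the predicate. equals() is an exact string
# compare, so the value must be what browsers actually send in the Host header; they
# omit a default port (443 for HTTPS), in which case the bare host name is expected.
PREDICATE_RE = re.compile(r"not\(equals\(%\{i,host\},\s*'([^']+)'\)\)", re.IGNORECASE)


def check_host_header_config(xml_text, expected_host):
    """Return a list of findings; an empty list means the config matches the steps."""
    root = ET.fromstring(xml_text)
    subs = [e for e in root.iter() if e.tag.startswith('{urn:jboss:domain:undertow')]
    if not subs:
        return ['no undertow subsystem found in standalone.xml']
    sub, findings = subs[0], []
    for host in (e for e in sub.iter() if e.tag.endswith('}host')):
        name = host.get('name')
        refs = [e for e in host if e.tag.endswith('}filter-ref') and e.get('name') == 'host-check']
        if not refs:
            findings.append(f"host '{name}' has no filter-ref named host-check")
            continue
        m = PREDICATE_RE.fullmatch(refs[0].get('predicate', '').strip())
        if not m:
            findings.append(f"host '{name}': predicate is not of the expected form")
        elif m.group(1) != expected_host:
            findings.append(f"host '{name}': permits '{m.group(1)}', expected '{expected_host}'")
    filt = [e for e in sub.iter() if e.tag.endswith('}expression-filter') and e.get('name') == 'host-check']
    if not filt:
        findings.append('no expression-filter named host-check under <filters>')
    elif filt[0].get('expression') != 'response-code(503)':
        findings.append(f"expression-filter host-check uses {filt[0].get('expression')!r}, not response-code(503)")
    return findings
```

Run it against the real file with open(path).read() in place of SAMPLE_XML after step 3 and before restarting the service; any finding means the host check will not behave as described under Result.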

© 2001-2020 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.