This documentation is for WSO2 API Manager 2.6.0. View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: AM210

API Manager provides the capability to whitelist multiple host names if you use different host names to access API Store in your environment. 

Info

In this case, localhost is by default considered as a whitelisted host name.

Similarly you can whitelist multiple host names for store as follows.

  • You need to add the host names to the whiteListedHostNames attribute in <API-M_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json as comma separated values.

   See the following example configuration.

Code Block
"whiteListedHostNames": ["www.wso2.org", "www.example.com"]
Note
titleNote :

When you try to access API Store with a host which is not whitelisted, or is not specified in <API-M_HOME>/repository/conf.carbon.xml, you will notice the following warning being logged in the server logs.

Code Block
languagetext
Possible HOST Header Attack is identified. Hence, rewriting to default host in configuration.