This tutorial provides instructions for applying a configuration-based fix to address a security vulnerability in the SHRINE proxy subsystem.
Remove the following lines:
    <host>https://</host>
    <host>http://</host>
Include entries that specify localhost, fully-qualified host names, and IP addresses for both the SHRINE node and the i2b2 node, as accessed by your tomcat. Here is an example:
    <lists>
      <whitelist>
        <host>https://shrine-qa3.catalyst:6443</host>
        <host>https://localhost:6443</host>
        <host>https://10.118.12.40:6443</host>
        <host>http://shrine-qa3-i2b2.catalyst:9090</host>
        <host>http://10.118.12.60:9090</host>
      </whitelist>
    </lists>
Start tomcat again. After tomcat has completed its startup, confirm the configuration by running a test query. If it does not work, you will see messages in tomcat/logs/proxy.log that look like this:
    2019-Jan-02-16:54:54.480 ERROR [SHRINE][ShrineProxyServlet][http-nio-6443-exec-5] ProxyServlet error:
    net.shrine.proxy.ShrineMessageFormatException: redirectURL not in white list or is in black list: http://shrine-qa2-i2b2.catalyst:9090/i2b2/services/PMService/getServices
        at net.shrine.proxy.DefaultShrineProxy.redirect(ShrineProxy.scala:91)
        at net.shrine.proxy.ShrineProxyServlet.doPost(ShrineProxyServlet.scala:56)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
If you encounter an error, add the correct URL(s) into the whitelist and try again.
5. Please let your hub administrators know that you have made a configuration change so that we can verify from the hub.
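The following check is an added example, not part of the original tutorial or of SHRINE itself. It flags whitelist entries that have no host part (the lines the tutorial says to remove) and pulls the refused destinations out of proxy.log so you can see which entries still need to be added. The sample config and log line are constructed, the function names are hypothetical, and comparing on scheme://host:port is an assumption about how the proxy matches entries.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample config: the two catch-all entries plus one specific entry.
SAMPLE_CONFIG = """<lists><whitelist>
  <host>https://</host>
  <host>http://</host>
  <host>https://shrine-qa3.catalyst:6443</host>
</whitelist></lists>"""

# Constructed sample line, in the format of the proxy.log message shown above.
SAMPLE_LOG = ("2019-Jan-02-16:54:54.480 ERROR [SHRINE][ShrineProxyServlet] ProxyServlet error: "
              "net.shrine.proxy.ShrineMessageFormatException: redirectURL not in white list or "
              "is in black list: http://shrine-qa2-i2b2.catalyst:9090/i2b2/services/PMService/getServices\n")

REJECTED = re.compile(r"redirectURL not in white list or is in black list: (\S+)")

def origin(url):
    """Return scheme://host:port for a URL or whitelist entry."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def whitelist_entries(config_xml):
    """All <host> values under <whitelist>, whitespace-trimmed."""
    root = ET.fromstring(config_xml)
    return [(h.text or "").strip() for h in root.findall(".//whitelist/host")]

def catch_all_entries(entries):
    """Entries with no host part (such as 'https://'), i.e. the lines to remove."""
    return [e for e in entries if not urlsplit(e).hostname]

def rejected_origins(log_text):
    """Origins of URLs the proxy refused, de-duplicated in first-seen order."""
    return list(dict.fromkeys(origin(u) for u in REJECTED.findall(log_text)))

def missing_entries(entries, log_text):
    """Refused origins not matched by any specific entry (assumed origin comparison)."""
    allowed = {origin(e) for e in entries if e not in catch_all_entries(entries)}
    return [o for o in rejected_origins(log_text) if o not in allowed]

if __name__ == "__main__":
    entries = whitelist_entries(SAMPLE_CONFIG)
    print("remove:", catch_all_entries(entries))
    print("add:   ", missing_entries(entries, SAMPLE_LOG))
```

Review each reported origin before adding it: only the SHRINE and i2b2 hosts your tomcat actually needs to reach belong in the whitelist.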