Issue:
HTTPEnableConnectorHeaders=1 lets a Domino server that sits behind a reverse proxy, e.g. IBM HTTP Server, accept and interpret some predefined HTTP request header fields. One of those is $WSRU, the remote user specified for the given request. This means that if the proxy server passes a username, Domino treats the request as authenticated based only on the username/ID in the $WSRU field. No password is needed.
Solution:
Update the notes.ini with:
HTTPEnableConnectorHeaders=0
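
To check a server for this setting, the following added example (not part of the original note or of any IBM tooling) scans the text of a notes.ini and reports whether HTTPEnableConnectorHeaders is set to anything other than 0. The function name, the sample file content and the case-insensitive, whitespace-tolerant key matching are assumptions made for this example.

```python
import sys

# Setting name taken from the note above; compared case-insensitively (assumption).
SETTING = "httpenableconnectorheaders"

def audit_notes_ini(text):
    """Classify the HTTPEnableConnectorHeaders state found in notes.ini text.

    Returns a dict with:
      status     - "enabled" if any occurrence is not exactly 0,
                   "disabled" if every occurrence is 0,
                   "absent" if the key never appears
      lines      - 1-based line numbers of occurrences that are not 0
      duplicates - True if the key appears more than once
    """
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        key, sep, value = raw.partition("=")
        # Lines without "=" (section headers, blanks) are skipped.
        if sep and key.strip().lower() == SETTING:
            hits.append((lineno, value.strip()))
    if not hits:
        return {"status": "absent", "lines": [], "duplicates": False}
    risky = [lineno for lineno, value in hits if value != "0"]
    return {
        "status": "enabled" if risky else "disabled",
        "lines": risky,
        "duplicates": len(hits) > 1,
    }

# Constructed sample, not taken from a real server: the key appears twice
# with conflicting values, so the file is reported as enabled.
SAMPLE = """\
[Notes]
KitType=2
Directory=/local/notesdata
httpenableconnectorheaders = 1
HTTPEnableConnectorHeaders=0
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    print(audit_notes_ini(content))
```

A result of "absent" means the key is not in the file at all; the note above recommends setting it to 0 explicitly.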