Symptoms

The Dell Integrated Dell Remote Access Controller 9 (iDRAC9) introduced a new attribute idrac.webserver.HostHeaderCheck with a default value of "Enabled" in firmware 5.10.00.00. $ racadm getsysinfo | grep -i firmware Firmware Version = 5.10.00.00 Firmware Build = 57 Last Firmware Update = 01/07/2022 14:34:07 $ racadm help idrac.webserver.hostheadercheck Security Alert: Certificate is invalid - self signed certificate Continuing execution. Use -S option for racadm to stop execution on certificate-related errors. HostHeaderCheck -- Enable HTTP Host Header Validation Usage -- 0-Disabled; 1-Enabled; Default - 1 Required License -- RACADM Dependency -- None After upgrading to 5.10.10.00 or 5.10.30.00 firmware, the idrac.webserver.HostHeaderCheck default value is "Disabled." $ racadm getsysinfo | grep -i firmware Firmware Version = 5.10.10.00 Firmware Build = 26 Last Firmware Update = 04/28/2022 16:49:23 $ racadm help idrac.webserver.hostheadercheck Security Alert: Certificate is invalid - self signed certificate Continuing execution. Use -S option for racadm to stop execution on certificate-related errors. HostHeaderCheck -- Enable HTTP Host Header Validation Usage -- 0-Disabled; 1-Enabled; Default - 0 Required License -- RACADM Dependency – None

Cause

The default of "enabled" did not merge into the firmware updates beyond 5.10.00.00.

Resolution

HostHeaderCheck can be enabled on impacted firmware versions 5.10.10.00 and 5.10.30.00 using RACADM. $ racadm set idrac.webserver.hostheadercheck 1 Dell has corrected the attribute default to "Enabled" in iDRAC9 firmware 5.10.50.00 and later releases.

Support Cases