How to Configure the NetWitness Platform UI with Trusted Origins and Domain Names
In NetWitness Platform versions prior to 12.5.2.0, the CORS origin parameter was not strictly validated before the Access-Control-Allow-Origin header was returned. As a result, cross-origin requests from untrusted domains could be allowed if the Origin header was manipulated.
To strengthen the security posture, enhanced CORS validation and host enforcement controls are introduced.
Beginning with version 12.5.2.0:
- CORS headers are returned only for explicitly trusted origins.
- WebSocket connections enforce origin validation.
- A strict Host allowlist is implemented at the NGINX layer.
- Requests with unknown or unapproved Host headers are rejected.
As part of this security hardening, when trusted origins are enabled, access to the NetWitness Platform Admin UI and Analyst UI is restricted by default to the server’s configured primary IP address.
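The Host and Origin checks listed above can be modelled in a few lines. This is an added illustration, not NetWitness or NGINX code; the entry names, the https-only rule, and the substring-based `lax_allows` contrast are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample entries; the format of the real
# nw-cors-trusted-origins file is not shown on this page.
TRUSTED = {"nw-admin.example.test", "192.0.2.10"}

def host_of(value):
    """Lower-cased host from a Host header value ("name[:port]"), or None."""
    try:
        return urlsplit("//" + value).hostname
    except ValueError:
        return None

def origin_host(origin):
    """Host of a well-formed https origin (scheme://host[:port] only), else None."""
    try:
        parts = urlsplit(origin)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return parts.hostname

def lax_allows(origin, trusted=TRUSTED):
    """Non-strict check (illustrative only): substring match on the raw header."""
    return any(entry in origin for entry in trusted)

def strict_response(host_header, origin_header, trusted=TRUSTED):
    """Model of the hardened policy: returns (accepted, cors_headers)."""
    if host_of(host_header) not in trusted:
        return False, {}  # unknown or unapproved Host: request rejected
    if origin_header and origin_host(origin_header) in trusted:
        # Return CORS headers only for an exact-match trusted origin.
        return True, {"Access-Control-Allow-Origin": origin_header, "Vary": "Origin"}
    return True, {}  # request served, but no CORS headers for this origin
```

A look-alike origin such as `https://nw-admin.example.test.attacker.example` passes the substring check but receives no CORS headers from the strict model, because only the parsed host is compared against the trusted entries.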
To enable access using Domain Names or Host IP addresses, you must add them to the trusted host configuration used by the NGINX template. The following section provides the detailed procedure for configuring Domain Names and Host IPs as trusted origins.
To configure Domain Names and Host IPs as trusted origins
Note: The following steps are applicable only for NW Admin Server and Analyst UI.
- Run the following command and enable the trusted origins.
  # nw-manage --enable-trusted-origins
- Open the trusted origins file /etc/netwitness/platform/nw-cors-trusted-origins and add the required Domain Names and Host IPs as trusted entries.
- Re-run the command mentioned in Step 1 to apply the updated trusted origins.
  # nw-manage --enable-trusted-origins
Note: Run the following command if you want to disable the trusted origins.
# nw-manage --disable-trusted-origins