Let’s start with a quick definition of the Unvalidated Redirects vulnerability.
Unvalidated Redirect, also known as Open Redirect, is a security flaw in web applications (or web pages) that occurs when an attacker can redirect users to an untrusted site when they click a link on a trusted website. To better understand this attack, take a look at the sample below:
An HTTP GET request was sent to a locally installed Liferay Portal version 7 using the Insomnia application. The only change in this request is the Host header, which has been set to attacker.com.
Therefore, to protect Liferay Portal from these types of vulnerabilities, you need to configure portal-ext.properties, which is located under the path below:
And the configuration is:
# allowed to use.
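
To illustrate the general idea behind restricting which hosts are accepted, the following Python example (added here; it is not Liferay's code and not part of the original article) contrasts a handler that echoes the Host header into a redirect with one that checks it against an allowlist first. The function names, the allowlist values and the `http://` scheme are assumptions made for the example.

```python
import re

# Assumption: hosts this portal legitimately answers for (constructed values).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Hostname or bracketed IPv6 literal, optional numeric port; nothing else.
_HOST_RE = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?")


def naive_location(host_header, path):
    """Vulnerable pattern: the client-supplied Host is echoed into Location."""
    return "http://" + host_header + path


def parse_host(host_header):
    """Return (hostname, port_suffix) in normalised form, or None if malformed."""
    m = _HOST_RE.fullmatch(host_header or "")
    if not m:
        return None  # rejects userinfo (@), slashes, whitespace, CR/LF
    return m.group(1).lower().rstrip("."), m.group(2) or ""


def safe_redirect(host_header, path):
    """Return (status, location); refuse requests whose Host is not allowlisted."""
    parsed = parse_host(host_header)
    if parsed is None or parsed[0] not in ALLOWED_HOSTS:
        return 400, None
    # Only local paths: block "//other-host/...", backslashes and control chars.
    if (not path.startswith("/") or path.startswith("//") or "\\" in path
            or any(ord(c) < 0x20 for c in path)):
        path = "/"
    return 302, "http://" + parsed[0] + parsed[1] + path


if __name__ == "__main__":
    # Constructed Host header values, including the one from the sample above.
    for host in ("localhost:8080", "attacker.com", "localhost@attacker.com"):
        print(host, "->", naive_location(host, "/web/guest"),
              "|", safe_redirect(host, "/web/guest"))
```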