• Failure / rejection of requests to the Cloud Director API with a "400 Bad Request" response to API clients.
• Host header verification is enabled in Cloud Director (VCD).
• The /opt/vmware/vcloud-director/logs/vcloud-container-debug.log shows a  warning that the request is rejected:

| WARN     | pool-jetty-#             | HostCheckerFilter              | Rejecting request with host header: #.#.#.# | requestId=<request ID>,request=GET https://#.#.#.#/api/versions

• API client is not making requests to the Cloud Director Public Address or the IP of a Cloud Director Cell directly but is connecting to Cloud Director via another address such as a NAT IP.

VMware Cloud Director

This behaviour is expected when host header verification is enabled in Cloud Director as outlined in the documentation, Network Security Requirements for VMware Cloud Director.

The Cell Management Tool is used to enable this option:

/opt/vmware/vcloud-director/bin/cell-management-tool manage-config -n vcloud.http.enableHostHeaderCheck -v true

When host header verification is enabled Cloud Director will only accept API requests sent to either the public address of Cloud Director, the addresses of the Cloud Director Cells, and additional addresses added to the CORS allowed origins.

To allow additional addresses pass host header verification add them to the CORS allowed origins list using the Cloud Director API:

1. Log in to the Cloud Director API as a System Administrator, How to establish an API connection VMware Cloud Director.
2. Follow the Cloud Director documentation and add the desired addresses to the CORS allowed origins, Configure CORS for VMware Cloud Director.
3. Wait 60 seconds after updating the CORS allowed origins list for Cloud Director to update the cache of allowed hosts and then retry the API requests which should now succeed.

To disable host header verification the option can be removed using the Cell Management Tool:

1. SSH to one of the Cloud Director Cells in the cluster as root.
2. Verify if host header verification has been enabled using the Cell Management Tool:
   
   /opt/vmware/vcloud-director/bin/cell-management-tool manage-config -n vcloud.http.enableHostHeaderCheck -l
   
   
3. To disable host header verification remove the option using the Cell Management Tool:
   
   /opt/vmware/vcloud-director/bin/cell-management-tool manage-config -n vcloud.http.enableHostHeaderCheck -d
   
   
4. After disabling host header verification stop and start the Cloud Director service on each Cell in turn:
   
   WARNING: Stopping the Cloud Director service can impact access to the Cloud Director portal.
   
   /opt/vmware/vcloud-director/bin/cell-management-tool cell -i $(service vmware-vcd pid cell) -s

systemctl stop vmware-vcd

systemctl start vmware-vcd