I read the documentation first, but there's no mention of any way to disable the "Allowed Domains"/HTTP Host spoofing protection feature in the WAF.
We have a dev->test/approval->prod environment process that's largely automated and multiple production servers that a site could be deployed to once approved and launched. The prod server is determined automatically by the launch process. Site's sometimes move between production servers and production servers are sometimes added, sometimes, though rarely, removed too. It just isn't practical to update this every time something changes and I don't really want to try to integrate this into our various scripts if I don't have to.
And you know what it's like managing a bunch of servers and sites: Anything that can be done to simplify and minimize the potential surface that problems can occur is preferable to workarounds and extra integrations.
Thanks in advance,
Nicholas
