Introduction
TFE Release v202109-1 (565) includes a security fix
Mitigated a potential Host header injection vulnerability.
With this fix, TFE will reject any request with Host header does not match the TFE configured hostname. All mismatched requests are responded with HTTP 301, with the Location header equals to TFE configured hostname.
Problem
Existing requests to TFE via proxy may stop working, e.g. VCS webhook, TFE API calls in automation scripts with status:
HTTP/1.1 301 Moved Permanently Location: <tfe_hostname>
Solution
Modify requests to TFE API to include header Host: <tfe_hostname>
Outcome
If the issue persists after above solution, please reach out to HashiCorp support for additional assistance.