NiFi has been updated to only accept requests where the Host header contains an expected value. Currently, the expected values are driven by the .host properties in nifi.properties. When running behind a proxy, the value may be the proxy host if the headers simply pass through. In this scenario, we should offer the ability to whitelist values in case updating the proxy configuration isn't possible.
Also, the proxy documentation in the admin guide should be updated to include details regarding the Host name whitelisting. Also, should verify the context path whitelisting is documented there.