Bug 1435331
| Summary: | Host header set improperly when configured with a proxy | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kevin Howell <khowell> |
| Component: | subscription-manager | Assignee: | candlepin-bugs |
| Status: | CLOSED DUPLICATE | QA Contact: | John Sefler <jsefler> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.10 | CC: | redakkan, skallesh |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-06-29 18:02:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1451166 *** |
Description of problem: Host header set improperly. We should validate against HTTP proxy RFC(s). Steps to Reproduce: - yum install subscription-manager squid httpd mod_ssl - make apache return HTTP 403: echo $'<Location />\nDeny from all\n</Location>\n' > /etc/httpd/conf.d/welcome.conf - configure subscription-manager to use this setup instead of RHN # subscription-manager config --server.hostname=127.0.0.99 # subscription-manager config --server.proxy_hostname=127.0.0.11 # subscription-manager config --server.proxy_port=3128 # subscription-manager config --server.insecure=1 - watch it fail # subscription-manager register --user foo --password bar Registering to: 127.0.0.99:443/subscription Forbidden: Invalid credentials for request. - further details can be analyzed with the following hack: by adding 'print data' to /usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py:221 we can intercept the unencrypted HTTP traffic: GET /subscription/users/foo/owners HTTP/1.1 Host: 127.0.0.11:3128 Accept-Encoding: identity Content-Length: 0 Accept-Language: en-us x-subscription-manager-version: 1.17.15-1.el7.centos x-python-rhsm-version: 1.17.9-1.el7 Accept: application/json User-Agent: RHSM/1.0 (cmd=subscription-manager) Content-type: application/json Authorization: Basic Zm9vOmJhcg== This shows that the request contains a Host: header with the proxy's name/address. At this place, the hostname of the target address is (127.0.0.99 ) is supposed to show up.