Bug 1449022

Summary: Router doesn't add X-Forwarded-For header to reencrypt route
Product: OpenShift Container Platform Reporter: Takayoshi Kimura <tkimura>
Component: NetworkingAssignee: Jacob Tanenbaum <jtanenba>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aloughla, aos-bugs, bandrade, bbennett, bmeng, eparis, smunilla, yadu
Version: 3.5.0   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: the router template does not add "option forwardfor" for reencrypt type routes Consequence: X-Forwarded-For section of http header file is missing Fix: add "option forwardfor" in the router template for reencrypt type routes. Result: X-Forwarded-For section of http header file is correctly populated
 Story Points: ---
Clone Of:
: 1473160 (view as bug list) Environment:
Last Closed: 2017-08-10 05:23:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1473160    

Description Takayoshi Kimura 2017-05-09 05:39:32 UTC 
Description of problem:

Router doesn't add X-Forwarded-For header to reencrypt route. Plain http and edge route has it and "options forwardfor" in haproxy.config.

Version-Release number of selected component (if applicable):

3.5.5.8

How reproducible:

Always

Steps to Reproduce:
1. Create http, edge, reencrypt routes
2. Test it, or check haproxy.config
3.

Actual results:

X-Forwarded-For is missing when route is reencrypt

Expected results:

X-Forwarded-For is added

Additional info:
Comment 1 Jacob Tanenbaum 2017-05-11 14:00:41 UTC 
Origin PR: https://github.com/openshift/origin/pull/14142
Comment 2 openshift-github-bot 2017-05-13 17:00:21 UTC 
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/5011cb4e72c34f264bc7099e072849220e5b325c
adding X-Forwarded-For header to reencrypt route

add X-Forwarded-For header for reencrypt routes, just as it is for edge routes

Bug 1449022
Comment 4 zhaozhanqi 2017-05-31 03:17:48 UTC 
verified this bug


# oc get route reen2
NAME      HOST/PORT                               PATH      SERVICES             PORT      TERMINATION   WILDCARD
reen2     reen2-default.0531-9ye.qe.rhcloud.com             header-test-secure   http      reencrypt     None
[root@host-8-175-82 ~]# curl https://reen2-default.0531-9ye.qe.rhcloud.com -k
<pre>
  user-agent: curl/7.29.0
  host: reen2-default.0531-9ye.qe.rhcloud.com
  accept: */*
  x-forwarded-host: reen2-default.0531-9ye.qe.rhcloud.com
  x-forwarded-port: 443
  x-forwarded-proto: https
  forwarded: for=10.8.175.82;host=reen2-default.0531-9ye.qe.rhcloud.com;proto=https
  x-forwarded-for: 10.8.175.82
</pre>
Comment 6 errata-xmlrpc 2017-08-10 05:23:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716