1290643 – Wrong Forwarded Header format

Bug 1290643 - Wrong Forwarded Header format

Summary: Wrong Forwarded Header format

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.1.0
Hardware:	Unspecified
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Ram Ranganathan
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-11 02:34 UTC by Qi Yong
Modified:	2022-08-04 22:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-01-26 19:19:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:0070	0	normal	SHIPPED_LIVE	Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update	2016-01-27 00:12:41 UTC

Description Qi Yong 2015-12-11 02:34:44 UTC

Description of problem:
Customer JAVA application is based on Spring Hateoas [2].The HTTP "Forwarded" Header sent by the Router component does not follow the RFC [1]. It uses "," to separate elements instead of ";". So it does not work with customer's JAVA application either. 

Sample:
Header von Openshift Router:
Forwarded: for=192.0.2.60,proto=http,by=203.0.113.43

According to RFC [1] it should be:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43

RFE:
[1] https://tools.ietf.org/html/rfc7239#page-4
[2] https://github.com/spring-projects/spring-hateoas/blob/master/src/main/java/org/springframework/hateoas/mvc/ForwardedHeader.java

Version-Release number of selected component (if applicable):
3.1

How reproducible:


Steps to Reproduce:
1. oc rsh ROUTER-POD
2. vi /var/lib/haproxy/conf/haproxy.config
3. located "http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]"

Actual results:
http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]

Expected results:
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req
.hdr(X-Forwarded-Proto)]


Additional info:

Comment 1 Ram Ranganathan 2015-12-15 20:07:57 UTC

Fixed with PR:  https://github.com/openshift/origin/pull/6327

Comment 2 Ram Ranganathan 2015-12-17 19:06:47 UTC

PR merged into origin.

Comment 3 zhaozhanqi 2015-12-18 08:55:59 UTC

Already verified this bug on origin, will move 'verified' this bug once it is merged to OSE.

Comment 4 zhaozhanqi 2015-12-22 09:17:53 UTC

This bug has been fix in OSE with router image:

rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-haproxy-router                     v3.1.1.0            fac972949d0e        2 days ago          412.7 MB


]# curl header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
<pre>
  user-agent: curl/7.40.0
  host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  accept: */*
  x-forwarded-host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  x-forwarded-port: 80
  x-forwarded-proto: http
  forwarded: for=10.66.136.57;host=header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com;proto=http
  x-forwarded-for: 10.66.136.57
</pre>

Comment 6 errata-xmlrpc 2016-01-26 19:19:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:0070

Note You need to log in before you can comment on or make changes to this bug.