Bug 1410156 - [3.4] HTTP_X_FORWARDED_FOR incorrect in V3
Summary: [3.4] HTTP_X_FORWARDED_FOR incorrect in V3
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.4.z
Assignee: Ben Bennett
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On: 1385421 1410157
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-04 15:46 UTC by Scott Dodson
Modified: 2020-05-14 15:30 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Feature: Add option to allow HAProxy to expect incoming connections on port 80 or port 443 to use the PROXY protocol. Reason: So the source IP address can pass through a load balancer (if the load balancer supports the protocol, e.g. Amazon ELB). Result: If the ROUTER_USE_PROXY_PROTOCOL environment variable is set to "true" or "TRUE", HAProxy will expect incoming connections to use the PROXY protocol.
Clone Of: 1385421
Environment:
Last Closed: 2017-01-31 20:19:31 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0218 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4.1.2 bug fix update 2017-02-01 01:18:20 UTC

Comment 1 Scott Dodson 2017-01-04 15:47:26 UTC
Proposed fix https://github.com/openshift/ose/pull/523

Comment 6 Meng Bo 2017-01-26 03:47:23 UTC
Tested with OCP build 3.4.1.2 and router image v3.4.1.2 92a2e66f058f

The new env ROUTER_USE_PROXY_PROTOCOL and accept-proxy was added to the haproxy template and works well.

Verify the bug.

Comment 8 errata-xmlrpc 2017-01-31 20:19:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0218


Note You need to log in before you can comment on or make changes to this bug.