Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1410156

Summary: [3.4] HTTP_X_FORWARDED_FOR incorrect in V3
Product: OpenShift Container Platform Reporter: Scott Dodson <sdodson>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: abhgupta, aos-bugs, bbennett, bingli, bleanhar, bmeng, dranders, erich, gareth.mcshane, knakayam, mmasters, mnapolis, sspeiche, trankin, zhaliu, zzhao
Version: 3.4.0Keywords: UpcomingRelease
Target Milestone: ---   
Target Release: 3.4.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Feature: Add option to allow HAProxy to expect incoming connections on port 80 or port 443 to use the PROXY protocol. Reason: So the source IP address can pass through a load balancer (if the load balancer supports the protocol, e.g. Amazon ELB). Result: If the ROUTER_USE_PROXY_PROTOCOL environment variable is set to "true" or "TRUE", HAProxy will expect incoming connections to use the PROXY protocol.
 Story Points: ---
Clone Of: 1385421 Environment:
Last Closed: 2017-01-31 20:19:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1385421, 1410157    
Bug Blocks:    

Comment 1 Scott Dodson 2017-01-04 15:47:26 UTC 
Proposed fix https://github.com/openshift/ose/pull/523
Comment 6 Meng Bo 2017-01-26 03:47:23 UTC 
Tested with OCP build 3.4.1.2 and router image v3.4.1.2 92a2e66f058f

The new env ROUTER_USE_PROXY_PROTOCOL and accept-proxy was added to the haproxy template and works well.

Verify the bug.
Comment 8 errata-xmlrpc 2017-01-31 20:19:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0218