Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1449022 - Router doesn't add X-Forwarded-For header to reencrypt route
Router doesn't add X-Forwarded-For header to reencrypt route
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing (Show other bugs)
3.5.0
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: jtanenba
zhaozhanqi
:
Depends On:
Blocks: 1473160
  Show dependency treegraph
 
Reported: 2017-05-09 01:39 EDT by Takayoshi Kimura
Modified: 2017-08-16 15 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: the router template does not add "option forwardfor" for reencrypt type routes Consequence: X-Forwarded-For section of http header file is missing Fix: add "option forwardfor" in the router template for reencrypt type routes. Result: X-Forwarded-For section of http header file is correctly populated
Story Points: ---
Clone Of:
: 1473160 (view as bug list)
Environment:
Last Closed: 2017-08-10 01:23:08 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Origin (Github) 14142 None None None 2017-05-11 10:00 EDT
Red Hat Product Errata RHEA-2017:1716 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.6 RPM Release Advisory 2017-08-10 05:02:50 EDT

  None (edit)
Description Takayoshi Kimura 2017-05-09 01:39:32 EDT 
Description of problem:

Router doesn't add X-Forwarded-For header to reencrypt route. Plain http and edge route has it and "options forwardfor" in haproxy.config.

Version-Release number of selected component (if applicable):

3.5.5.8

How reproducible:

Always

Steps to Reproduce:
1. Create http, edge, reencrypt routes
2. Test it, or check haproxy.config
3.

Actual results:

X-Forwarded-For is missing when route is reencrypt

Expected results:

X-Forwarded-For is added

Additional info:
Comment 1 jtanenba 2017-05-11 10:00:41 EDT 
Origin PR: https://github.com/openshift/origin/pull/14142
Comment 2 openshift-github-bot 2017-05-13 13:00:21 EDT 
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/5011cb4e72c34f264bc7099e072849220e5b325c
adding X-Forwarded-For header to reencrypt route

add X-Forwarded-For header for reencrypt routes, just as it is for edge routes

Bug 1449022
Comment 4 zhaozhanqi 2017-05-30 23:17:48 EDT 
verified this bug


# oc get route reen2
NAME      HOST/PORT                               PATH      SERVICES             PORT      TERMINATION   WILDCARD
reen2     reen2-default.0531-9ye.qe.rhcloud.com             header-test-secure   http      reencrypt     None
[root@host-8-175-82 ~]# curl https://reen2-default.0531-9ye.qe.rhcloud.com -k
<pre>
  user-agent: curl/7.29.0
  host: reen2-default.0531-9ye.qe.rhcloud.com
  accept: */*
  x-forwarded-host: reen2-default.0531-9ye.qe.rhcloud.com
  x-forwarded-port: 443
  x-forwarded-proto: https
  forwarded: for=10.8.175.82;host=reen2-default.0531-9ye.qe.rhcloud.com;proto=https
  x-forwarded-for: 10.8.175.82
</pre>
Comment 6 errata-xmlrpc 2017-08-10 01:23:08 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.