1449022 – Router doesn't add X-Forwarded-For header to reencrypt route

Bug 1449022 - Router doesn't add X-Forwarded-For header to reencrypt route

Summary: Router doesn't add X-Forwarded-For header to reencrypt route

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Jacob Tanenbaum
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1473160
TreeView+	depends on / blocked

Reported:	2017-05-09 05:39 UTC by Takayoshi Kimura
Modified:	2022-08-04 22:20 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: the router template does not add "option forwardfor" for reencrypt type routes Consequence: X-Forwarded-For section of http header file is missing Fix: add "option forwardfor" in the router template for reencrypt type routes. Result: X-Forwarded-For section of http header file is correctly populated
Clone Of:
Clones:	1473160 (view as bug list)
Environment:
Last Closed:	2017-08-10 05:23:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Origin (Github)	14142	0	None	None	None	2017-05-11 14:00:41 UTC
Red Hat Product Errata	RHEA-2017:1716	0	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.6 RPM Release Advisory	2017-08-10 09:02:50 UTC

Description Takayoshi Kimura 2017-05-09 05:39:32 UTC

Description of problem:

Router doesn't add X-Forwarded-For header to reencrypt route. Plain http and edge route has it and "options forwardfor" in haproxy.config.

Version-Release number of selected component (if applicable):

3.5.5.8

How reproducible:

Always

Steps to Reproduce:
1. Create http, edge, reencrypt routes
2. Test it, or check haproxy.config
3.

Actual results:

X-Forwarded-For is missing when route is reencrypt

Expected results:

X-Forwarded-For is added

Additional info:

Comment 1 Jacob Tanenbaum 2017-05-11 14:00:41 UTC

Origin PR: https://github.com/openshift/origin/pull/14142

Comment 2 openshift-github-bot 2017-05-13 17:00:21 UTC

Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/5011cb4e72c34f264bc7099e072849220e5b325c
adding X-Forwarded-For header to reencrypt route

add X-Forwarded-For header for reencrypt routes, just as it is for edge routes

Bug 1449022

Comment 4 zhaozhanqi 2017-05-31 03:17:48 UTC

verified this bug


# oc get route reen2
NAME      HOST/PORT                               PATH      SERVICES             PORT      TERMINATION   WILDCARD
reen2     reen2-default.0531-9ye.qe.rhcloud.com             header-test-secure   http      reencrypt     None
[root@host-8-175-82 ~]# curl https://reen2-default.0531-9ye.qe.rhcloud.com -k
<pre>
  user-agent: curl/7.29.0
  host: reen2-default.0531-9ye.qe.rhcloud.com
  accept: */*
  x-forwarded-host: reen2-default.0531-9ye.qe.rhcloud.com
  x-forwarded-port: 443
  x-forwarded-proto: https
  forwarded: for=10.8.175.82;host=reen2-default.0531-9ye.qe.rhcloud.com;proto=https
  x-forwarded-for: 10.8.175.82
</pre>

Comment 6 errata-xmlrpc 2017-08-10 05:23:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716

Note You need to log in before you can comment on or make changes to this bug.