Red Hat Bugzilla – Bug 215547
Bugzilla frequently logs out behind a firewall
Last modified: 2014-06-18 04:21:55 EDT
Description of problem:
While using RH Bugzilla from behind the Dell corporate firewall (proxy),
Bugzilla logs you out every 30 secs or less of inactivity. This makes using RH
Bugzilla completely *unusable*. Works great from home when directly connecting
to the Internet.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in to RH Bugzilla from behind a firewall such as foo.bar.com with your
2. Stay inactive for ~ 30 secs
3. Try to access some (non-public) bug that requires you to remain logged in
Bugzilla takes you to the login page and makes you log in again
Should stay logged in and Bugzilla should take you to the issue
This is a more recent observation (past 3 mos. perhaps) and didn't use to happen
before that. This only happens with RH's version of Bugzilla. Other public
Bugzillas (Xorg, Kernel, SuSE etc.) work fine from behind the firewall and keep
you logged in.
It's worth noting that Dell's proxy servers are actually a farm, with round
robin DNS set to 30 seconds. So every 30 seconds the clients will be using a
different proxy. So client IP-based cookies for authentication won't work
well, and are most likely the cause.
Well that would be the problem in this case. Is this something that has changed
recently since (as far as I know) dell.com accounts have been working up until
recently? Nothing has changed on the Bugzilla code side for quite a while now.
No change here, it's been broken for a long time. Amit's just feeling the most
pain right now.
Ok, I changed the configuration so that it will accept an IP that remains within
a /24. But perhaps I should have asked Matt how big is the round robin pool first?
How about a /16 :-)
Seriously. The Dell Austin pool looks like it bounces between 143.166.99.x
Still working from home. Will provide feedback once I'm behind the firewall
Amit, putting this in NEEDINFO pending your response to "Does this change
resolve the problem?"
Also, I'm curious why Dell has problems with Red Hat's Bugzilla but not the
Novell/SuSE or kernel.org versions? Is Red Hat "avant garde" or in the "Dark
Ages" regarding our Bugzilla version compared to the other two examples?
It is a configuration option in all bugzillas. Ours was configured to be more
strict than others.
AIUI this is the first complaint we have had about it.
Those may be using a newer version of Bugzilla which allows users to disable the
IP address tracking feature of Bugzilla as a preference. This causes a slight
loss in security as it makes it a little easier for someone to spoof another's
account. We do not allow this to be disabled currently.
So, as of this morning (brand new), the Bugzilla login page has an option exposed to
users labeled "Restrict this session to this IP address". This is checked by
default. If you log in with this option checked, the behavior is still as before
and frequent (every 30 secs) logins are required. Unchecking the box makes your
sessions persist and sessions persist like a charm!!
Thanks for implementing. We can close this request now. Now, if we could only
get some of the same magic from Dave/Kevin in our (other) master bugzilla woes
tracker i.e. bz# 213248, that would be grrrreat!!!!! ;-)
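
The three behaviours discussed in this thread (exact-IP session binding, the /24 relaxation, and the per-login opt-out), sketched as an added example that is not Bugzilla's code and not part of the original comments. The function names, the in-memory session table and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
import secrets

SESSIONS = {}  # token -> (user, bound network or None); hypothetical store

# Constructed proxy-farm egress addresses (documentation ranges, not real ones).
SAME_24 = ["198.51.100.11", "198.51.100.12", "198.51.100.13"]
OTHER_NET = "203.0.113.9"


def login(user, client_ip, prefix_len=32, restrict_ip=True):
    """Issue a session token, optionally bound to the client's network.

    prefix_len=32 binds to the exact IPv4 address; 24 accepts any address
    in the same /24. restrict_ip=False models unchecking the login option.
    """
    token = secrets.token_urlsafe(32)
    bound_net = None
    if restrict_ip:
        # strict=False masks the host bits: 198.51.100.11/24 -> 198.51.100.0/24
        bound_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    SESSIONS[token] = (user, bound_net)
    return token


def validate(token, client_ip):
    """Return the user if the token is acceptable from client_ip, else None."""
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    user, bound_net = entry
    if bound_net is not None:
        addr = ipaddress.ip_address(client_ip)
        if addr.version != bound_net.version or addr not in bound_net:
            return None  # request arrived from outside the bound network
    return user


def simulate(prefix_len, restrict_ip, egress_ips):
    """Log in via the first proxy, then replay the token via each later one."""
    token = login("user@example.com", egress_ips[0], prefix_len, restrict_ip)
    return [validate(token, ip) is not None for ip in egress_ips[1:]]


if __name__ == "__main__":
    farm = SAME_24 + [OTHER_NET]
    print("/32 bound :", simulate(32, True, farm))
    print("/24 bound :", simulate(24, True, farm))
    print("unbound   :", simulate(32, False, farm))
```

The unbound case accepts the token from any network, which is the reduced protection against a reused session cookie that the thread describes as the cost of disabling the restriction.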