Bug 98617 - loader doesn't send useful headers, i.e. User-Agent
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Peter Jones
Keywords: FutureFeature
Duplicates: 183650
Blocks: FC6Target
Reported: 2003-07-04 23:03 EDT by Jack Neely
Modified: 2007-04-18 12:55 EDT
Doc Type: Enhancement
Last Closed: 2006-06-02 11:21:55 EDT

Description Jack Neely 2003-07-04 23:03:19 EDT
Description of problem:
The loader, when requesting a kickstart via HTTP, does not send any useful
information to the server.  Can we at least get a User-Agent header?

ftp.c line 453 from 9.0.93-0.20030703104410

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. Set up an apache something to store headers sent by a client
and/or tail -f the access.log
2. Boot a machine and instruct it to get a kickstart from your server
3. Notice the lack of any headers.
Comment 1 Michael Fulbright 2003-07-09 14:39:40 EDT
It isn't clear to me what one would need these headers for - do you have an example?
Comment 2 Jack Neely 2003-07-09 15:19:41 EDT
Basically, I need to be able to tell the difference between a real request for a
kickstart (from anaconda) vs. somebody poked a web browser at the kickstart server.

I'm using some mod_python + config files from administrators to kickstart
machines.  Due to security concerns I need to have a fairly good idea that the
HTTP request is from anaconda.  (Although I know that headers can be faked.) 
Ideally, this is used to trigger a time window so that in the %post the machine
can retrieve a secret encryption key.  This is to prevent someone from poking
the server with a web browser from a "trusted" machine and figuring out how to
get the key themselves (because the poking would not trigger the time window).

Comment 3 Michael Fulbright 2003-07-11 11:52:59 EDT
I would recommend you instead have the machines boot with a small ks.cfg from CD
or floppy, and in that ks.cfg in the %pre you use something like wget or
python's urllib2 to pull the rest of the ks.cfg via an authenticated method, and
use the %include ks directive.

However I'll look into adding a user agent like

anaconda <productname> <version>

as well.
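
An added example, not part of the original thread or of anaconda: one way the "authenticated method" from Comment 3 could gate the full ks.cfg, with the User-Agent left as an unauthenticated hint. The `X-KS-*` header names, the per-host secret table, the 300-second window and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: one per-host secret, keyed by MAC address. In the
# scheme from Comment 3 the secret would ship on the CD/floppy with the small ks.cfg.
HOST_KEYS = {"00:16:3e:00:00:01": b"constructed-per-host-secret"}
WINDOW_SECONDS = 300  # assumed lifetime of a signed request


def _mac_tag(secret, host, path, ts):
    """HMAC-SHA256 over host, path and timestamp, hex-encoded."""
    msg = "\n".join((host, path, ts)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(host, path, secret, now=None):
    """Client side (%pre): headers to send when fetching the full ks.cfg."""
    ts = str(int(time.time() if now is None else now))
    return {
        "User-Agent": "anaconda-pre-example",  # informational only
        "X-KS-Host": host,                     # hypothetical header names
        "X-KS-Time": ts,
        "X-KS-Signature": _mac_tag(secret, host, path, ts),
    }


def authorize(headers, path, now=None):
    """Server side: True only for a fresh, correctly signed request."""
    now = time.time() if now is None else now
    host = headers.get("X-KS-Host", "")
    ts = headers.get("X-KS-Time", "")
    secret = HOST_KEYS.get(host)
    try:
        sent_at = int(ts)
    except ValueError:
        return False
    if secret is None or abs(now - sent_at) > WINDOW_SECONDS:
        return False  # unknown host, or request outside the time window
    expected = _mac_tag(secret, host, path, ts).encode()
    supplied = headers.get("X-KS-Signature", "").encode()
    # The User-Agent is never consulted: any client can set it.
    return hmac.compare_digest(expected, supplied)
```

A signed request stays valid for the whole window, so the fetch should run over TLS.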

Comment 4 Need Real Name 2004-11-16 04:21:33 EST
Does Anaconda support basic authentication? I'd think that specifying
name/pw from the boot menu would achieve the stated aim.
Comment 6 Chris Lumens 2006-03-02 10:26:25 EST
*** Bug 183650 has been marked as a duplicate of this bug. ***
