-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Badly configured HttpConfiguration.securePort can lead to wrong port produced by ForwardedHeader #5417
Comments
…tter Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Opened PR #5419 The port in the implied case, like yours, is being pulled from the HttpConfiguration you have. The To say this differently, take this setup.
The Server in this scenario, should have a If this was a bit more complex it might make more sense this way ...
In this scenario, the browser is talking to The forwarding headers from the Proxy to the Server would look like this ...
So that means the server's |
+ Merge ProxyPass tests from CheckReverseProxyHeadersTest into ForwardedRequestCustomizerTest + Deleted CheckReverseProxyHeadersTest.java + Add more tests for ForcedHost configuration + Updated ForwardedRequestCustomizer to conform to expectations Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
…o-port Issue #5417 - Honoring implied ports on ForwardedRequestCustomizer better
Fixed by #5419 |
Picks up https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.33.v20201019 which includes a fix for jetty/jetty.project#5417 fix is out (PR: jetty/jetty.project#5419 )
Picks up https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.33.v20201019 which includes a fix for jetty/jetty.project#5417 fix is out (PR: jetty/jetty.project#5419 )
…020 (#124) * [JENKINS-63958] - Update Jetty from 9.4.32.v20200930 to 9.4.33.v20201019 Picks up https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.33.v20201019 which includes a fix for jetty/jetty.project#5417 fix is out (PR: jetty/jetty.project#5419 ) * Update parent POM * jetty version is 9.4.33.v20201020 Signed-off-by: olivier lamy <olamy@apache.org> * parent 1.59 is broken argLine Signed-off-by: olivier lamy <olamy@apache.org> Co-authored-by: olivier lamy <olamy@apache.org>
Jetty version
9.4.32
Java version
AdoptOpenJDK build 1.8.0_262-b10
OS type/version
Linux CentOS 7.8 Kernel 3.10.0-1062.el7.x86_64
Description
For us the changes related to #5224 or #5247 have some surprising regression with 9.4.32
Our reverse-proxy (haproxy) always sends a RFC7239 style forwarded header towards jetty.
This always worked fine with 9.4.31 but with 9.4.32 it suddenly adds the (wrong) port to the requestURL
A simple example just printing out
request.getRequestURL()
Request forwarded from upstream haproxy:
Answer from 9.4.31:
Answer from 9.4.32:
Looks like the port 8443 is added in error here.
The text was updated successfully, but these errors were encountered: