Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security][knox] include hue_lb in the list of allowed hosts #3403

Merged
merged 3 commits into from
Jul 18, 2023
Merged

[security][knox] include hue_lb in the list of allowed hosts #3403

merged 3 commits into from
Jul 18, 2023

Conversation

amitsrivastava
Copy link
Collaborator

For knox authentication, the host from header HTTP_X_FORWARDED_HOST is matched against the list of the knox gateways/hosts. But, when a request is passing through a hue_lb then the header contains the hostname of the LB and in such cases, the auth was failing.

This commit includes the hue_lb's in the the list to be matched with the FORWARDED_HOST values in the header.

Tested on cloudcat cluster with knox and HUE LB

Change-Id: I66bcbc74ecdf2ba7e623a41e345158da641a4ffd

@amitsrivastava
[security][knox] include hue_lb in the list of allowed hosts
a56b5f7 
For knox authentication, the host from header HTTP_X_FORWARDED_HOST is
matched against the list of the knox gateways/hosts. But, when a request
is passing through a hue_lb then the header contains the hostname of the
LB and in such cases, the auth was failing.

This commit includes the hue_lb's in the the list to be matched with the
FORWARDED_HOST values in the header.

Tested on cloudcat cluster with knox and HUE LB

Change-Id: I66bcbc74ecdf2ba7e623a41e345158da641a4ffd
Harshg999
Harshg999 approved these changes Jul 18, 2023
View reviewed changes
Copy link
Collaborator

@Harshg999 Harshg999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@amitsrivastava amitsrivastava enabled auto-merge (rebase) July 18, 2023 09:53
@amitsrivastava amitsrivastava merged commit 475a606 into master Jul 18, 2023
@amitsrivastava amitsrivastava deleted the dev/amit/hue_lb_knox_proxyhosts branch July 18, 2023 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wing2fly wing2fly wing2fly approved these changes

@Harshg999 Harshg999 Harshg999 approved these changes

@quadoss quadoss Awaiting requested review from quadoss

@ranade1 ranade1 Awaiting requested review from ranade1

@athithyaaselvam athithyaaselvam Awaiting requested review from athithyaaselvam

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@amitsrivastava @wing2fly @Harshg999