Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dealing with host:port in Host header #1368

Closed
arkodg opened this issue Apr 26, 2023 · 4 comments · Fixed by #1389
Closed

Dealing with host:port in Host header #1368

arkodg opened this issue Apr 26, 2023 · 4 comments · Fixed by #1389
Labels
kind/decision A record of a decision made by the community.
Milestone
Backlog

Comments

@arkodg
Copy link
Contributor

arkodg commented Apr 26, 2023
edited

Description:
We need a way to support the use case when the Host header contains a port e.g. example.com:1234 which is valid according to the RFC. This gets tricky because the Gateway API does not intend to allow
(more in kubernetes-sigs/gateway-api#1936) specifying port in the Hostnames field with Gateway and HTTPRoute .

3 options I can think of as a workaround

  1. Strip the port from the Host header using a knob in Envoy https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto.
    This gets tricky because incoming service port and container port might differ so we might need to use strip_any_host_port instead of strip_matching_host_port.
  2. Create another xds route with a match to hostname:listener-port
  3. Circumvent the issue by not specifying any Hostnames in Gateway or HTTPRoute and instead relying
    on a header match to the :authority header
    Changes HTTPRoute hostname matching to ignore trailing port numbers. #1311 (comment)

Relates to #1311
@arkodg arkodg added this to the Backlog milestone Apr 26, 2023
@arkodg arkodg added the kind/decision A record of a decision made by the community. label Apr 26, 2023
@arkodg
Copy link
Contributor Author

arkodg commented Apr 26, 2023

ptal @envoyproxy/gateway-maintainers

@arkodg arkodg mentioned this issue May 2, 2023
Closed
@arkodg
Copy link
Contributor Author

arkodg commented May 2, 2023

vote for 1. strip_any_host_port since its less complex, and easier to maintain, although its a wider match, the user can add an extra match to tighten it. e.g.

      rules:
        - matches:
              headers:
                - name: ":authority"
                  value: "example.com:1234"

@AliceProxy
Copy link
Member

Prefer setting strip_any_host_port automatically whenever we have an HTTPRoute/etc. that sets a hostname. CIrcumventing it via the provided workaround will also enable users who may not want to have the port stripped from the header for whatever reason.

arkodg added a commit to arkodg/gateway that referenced this issue May 3, 2023
@arkodg
Strip port from host if user specifies a Hostname
d0b98ff 
* This allows us to ignore the port section from the
Host header when matching incoming requests based
on the Host/Authority header and the Hostname specified
by the user

Fixes: envoyproxy#1368

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
@arkodg arkodg mentioned this issue May 3, 2023
Merged
arkodg added a commit to arkodg/gateway that referenced this issue May 3, 2023
@arkodg
Strip port from host if user specifies a Hostname
72d1d9c 
* This allows us to ignore the port section from the
Host header when matching incoming requests based
on the Host/Authority header and the Hostname specified
by the user

Fixes: envoyproxy#1368

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
arkodg added a commit to arkodg/gateway that referenced this issue May 3, 2023
@arkodg
Strip port from host if user specifies a Hostname
e85484e 
* This allows us to ignore the port section from the
Host header when matching incoming requests based
on the Host/Authority header and the Hostname specified
by the user

Fixes: envoyproxy#1368

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
zirain pushed a commit that referenced this issue May 4, 2023
@arkodg
feat: Strip port from host if user specifies a Hostname (#1389)
b84b88a 
* Strip port from host if user specifies a Hostname

* This allows us to ignore the port section from the
Host header when matching incoming requests based
on the Host/Authority header and the Hostname specified
by the user

Fixes: #1368

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* or logic for listener.Hostname, route.Hostanmes()

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* fix more yaml

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
@jackkleeman
Copy link
Contributor 

      rules:
        - matches:
              headers:
                - name: ":authority"
                  value: "example.com:1234"

This doesn't work actually due to CRD valuation on the name field which doesn't allow :

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/decision A record of a decision made by the community.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

feat: Strip port from host if user specifies a Hostname arkodg/gateway
3 participants
@arkodg @jackkleeman @AliceProxy