Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[gateway] Request not logged when X-Forwarded-For header contains host with port number #2937

Closed
NeubauerJohannes opened this issue Nov 25, 2019 · 0 comments

Comments

@NeubauerJohannes
Copy link

@NeubauerJohannes NeubauerJohannes commented Nov 25, 2019

We noticed recently that a request sent through an azure web appliction gateway does not appear in the logs. However, when we send an identical request directly to the gateway directly it is logged perfectly. So it seems that the app gateway is adding something to the request that causes the behavior.

Further investigations turned out that azure's application gateway tends to deliver not only the client's IP address but a combination of IP:PORT in the X-Forwarded-For (XFF) header which is not the case when we send the request to the gateway directly using postman. Gravitee's implementation seems to have trouble using this as no logs appear in elasticsearch when a request comes in through an azure app gateway.

The Headers which are added by the gateway are:

  Max-Forwards: 10
  X-FORWARDED-PROTO: https
  X-FORWARDED-PORT: 443
  X-ORIGINAL-HOST: some.host.name
  SEC-WEBSOCKET-EXTENSIONS:
  X-Original-URL: /Test/Coupons
  X-Forwarded-For: 1.2.3.4:51008
  X-ARR-SSL: (removed)
  X-ARR-LOG-ID: b5eda9fb-b48a-45a3-818d-63d35ad1d1d6

However, the request is processed nevertheless.

Expected Behavior

A message should be logged in elasticsearch when sent through azure's web application gateway.

Current Behavior

A message is not logged in elasticsearch when sent through azure's web application gateway. No exception is thrown in the gravitee logback system.

Possible Solution

Gravitee should be able to deal with the format IP:PORT for components in XFF header.
This was once fixed in #1468 but seems to be affecting current version once again.

Steps to Reproduce (for bugs)

pick any API on gravitee and set proxy log on for client and proxy
add an X-Forwarded-For header with dummy value (like 1.2.3.4:56000) to the request (did it with postman)
verify that no message is logged

Context

Gravitee behind an azure application gateway.

Your Environment

Gravitee 1.30 on docker 18.06 on CentOS 7.4

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Dec 4, 2019
@NicolasGeraud NicolasGeraud added this to the APIM - 1.30.1 milestone Dec 5, 2019
NicolasGeraud added a commit to gravitee-io/gravitee-gateway that referenced this issue Dec 5, 2019
NicolasGeraud added a commit to gravitee-io/gravitee-gateway that referenced this issue Dec 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
API Management
Awaiting triage
3 participants
You can’t perform that action at this time.