-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to strip headers for AWS Proxy #7596
Comments
Can you please put your collector config and logs |
Unfortunately , there are no errors in collector logs. We have set this using Istio, however, to isolate the issue you can run ADOT Collector (0.16.0), and run simple curl command: if you remove 'x-forwarded-proto', it works. The idea being, if you add a proxy in front of the collector, it will add x-forwarded-proto to the header. Since original request was made over 'http' , the value of 'x-forwarded-proto' will be http. This causes signing in awsproxy to break, and we get errors on client-side. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping |
This is still relevant |
@kovrus, do you think this would be suitable for the header setter? |
@jpkrohling It could be a good place to implement that, we can change the header setter config to look like the following:
what do you think? The name of the extension wouldn't reflect what it does though |
I wouldn't be against another rename, given that it's an organic evolution of the component. Consider also the |
I'll open an issue for the proposed change. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping |
Fixes open-telemetry#6849 Signed-off-by: Alex Boten <aboten@lightstep.com>
Is your feature request related to a problem? Please describe.
If we deploy a istio (envoy) proxy in front of the collector, the signing process fails because proxy sets x-forwarded-proto to 'http' causing a mismatch in the signing process.
Similar to aws-sig4-proxy, we need the ability to strip out or exclude headers from signing. See https://github.com/awslabs/aws-sigv4-proxy#examples
Describe the solution you'd like
Ability to pass an environment variable/configuration to exclude headers that would include headers that needs to be removed when using awsproxy. The default value of this configuration can include headers like x-forwarded-port,x-forwarded-proto
Describe alternatives you've considered
We are considering suppressing this header using envoy filters.
Additional context
To reproduce this issue, you can simply exec inside otel-collector, and run the curl command
The text was updated successfully, but these errors were encountered: