New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for X-Forwarded-For breaks existing behavior #1189
Comments
@vrozov First, the simple thing:
This is standard behavior for config values that are backed by a Java enum, so quite a few other Presto configuration properties. We make all case-insensitive, or none. Let's keep this discussion aside though.
I see where you're coming from and I partially agree. Let me copy my explanation from #1033 (comment)
I see two options going forward:
|
See discussion in trinodb#1189
(In case we choose to go with option 2, I already made a PR with the change. I picked "WARN" as the name for the default behavior.) |
I prefer option 1, we need to make sure that this is properly described in release notes. |
@findepi, can you elaborate on what are the security implications you mention? I’ve never run into an HTTP server implementation that rejects a request when that header is provided. Btw here’s the “standardization” of that header: https://tools.ietf.org/html/rfc7239 |
"remote user address" gives information about a user. You may rely on this information. Yet, if you use proxy in front of Presto, you don't have the information. |
Unfortunately, I missed the original issue. But after reading the explanation, and the proposed options, I believe the current implementation is the right way. This is one of those situations where both options are a security hole, depending on the environment:
Using On the other hand, respecting the header is a new feature, so |
We have discuss this at length and decided to change the default behavior to Thanks @vrozov for your report! |
After upgrading to the latest build, existing installation does not work and connections are rejected with "Presto is configured to REJECT this header: X-Forwarded-For". It is not clear why the default is REJECT and not IGNORE, so it preserves the functionality. If REJECT is more suitable, why not to log a warning and proceed. Additionally,
dispatcher.forwarded-header
should not be case sensitive and should equally acceptignore
oraccept
.The text was updated successfully, but these errors were encountered: