[Apiman-user] Proxy headers missing for processing policies
Eric Wittmann
eric.wittmann at redhat.com
Mon Aug 21 10:04:06 EDT 2017
That's very interesting because I don't believe Apiman is stripping out any
headers from the request (at any point). If that's happening I can't think
of what the root cause might be. IIRC we just copy all request headers
from the inbound HttpServletRequest into the ApiRequest bean.
GitHub is currently down so I can't send a link to the relevant code....
On Fri, Aug 18, 2017 at 11:16 PM, Stephen Henrie <stephen at saasindustries.com
> wrote:
>
> I have Apiman running in an openshift environment, which is essentially a
> similar configuration to running in kubernetes. Each container/pod is
> always receiving http/s requests through an HA Proxy server, so that the
> x-forwarded-* set of headers get added to each request by the proxy server.
>
> Unfortunately, it appears that the headers which are provided in the
> ApiRequet bean when the policy chain processor doApply() method is called
> does not include these proxy related headers. This means that the standard
> policies for the IP white and black listing policies do not work when the
> apiman gateway is behind a proxy server. The request.getRemoteAddr()
> method returns the ip address to the proxy server, so there is no way to
> get the ip address of the originator since the x-forwarded-for header ( and
> related headers ) are not found.
>
> Has anyone else experienced this? If so, is this by design?
>
> Thanks!
>
> Stephen
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20170821/33f5a464/attachment.html
More information about the Apiman-user
mailing list