Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check upstream X-Forwarded-Proto prior to redirect #466

Merged
merged 4 commits into from
Mar 19, 2018
Merged

Check upstream X-Forwarded-Proto prior to redirect #466

merged 4 commits into from
Mar 19, 2018

Conversation

aaronhurt
Copy link
Member

@aaronhurt aaronhurt commented Mar 13, 2018
edited by magiconair
Loading

The AWS load balancer terminates SSL and passes plain HTTP
to fabio but does not offer the ability to do a schema redirect.

Therefore, fabio running behind an AWS ELB with a schema
redirect rule results in a redirect loop.

Fixes #448

Aaron Hurt and others added 3 commits March 13, 2018 16:33
Check upstream X-Forwarded-Proto prior to redirect
9250e1c 
The AWS load balancer terminates SSL and passes plain HTTP
to fabio but does not offer the ability to do a schema redirect.

Therefore, fabio running behind an AWS ELB with a schema
redirect rule results in a redirect loop.  This PR fixes fabiolb#448.
@aaronhurt
make redirect protection more generic
5b8f04a
@aaronhurt
Further improvements to redirect loop detection.
71d2972 
We now generate the redirectURL in the lookup function
and use it for loop detection.  We also cache the redirectURL
in the target for later use to prevent re-generation.
@aaronhurt aaronhurt mentioned this pull request Mar 16, 2018
Closed
@magiconair magiconair added this to the 1.5.9 milestone Mar 19, 2018
@magiconair magiconair merged commit dca15bd into fabiolb:master Mar 19, 2018
@magiconair
Copy link
Contributor

Thanks a lot!

aaronhurt
aaronhurt commented Mar 19, 2018
View reviewed changes
proxy/http_proxy.go
@@ -99,8 +99,7 @@ func (p *HTTPProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}

if t.RedirectCode != 0 {
redirectURL := t.GetRedirectURL(requestURL)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@magiconair I know this already got merged but I was thinking maybe the above if statement should be t.RedirectCode != 0 && t.RedirectURL != nil just to be safe?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. See #477

magiconair added a commit that referenced this pull request Mar 26, 2018
@magiconair
Issue #466: make redirect code more robust
12ddce8 
Check if the redirect url is not nil.

See #466
@magiconair magiconair mentioned this pull request Mar 26, 2018
Merged
magiconair added a commit that referenced this pull request Mar 26, 2018
@magiconair
Merge pull request #477 from fabiolb/pr466-more-robust
c718014 
Issue #466: make redirect code more robust
@aaronhurt aaronhurt deleted the issue/448 branch January 22, 2020 22:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@magiconair magiconair magiconair left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.9
Development

Successfully merging this pull request may close these issues.
2 participants
@aaronhurt @magiconair