Support default client proxy headers to be overwritten in VirtualServer #2735

centromere · 2022-06-03T21:36:19Z

Proposed changes

When using the VirtualServer CRD, it is not possible to override the default values of the following headers:

X-Real-IP
X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Proto

For example:

  - action:
      proxy:
        requestHeaders:
          set:
            - name: X-Forwarded-For
              value: ${http_cf_connecting_ip}
            - name: X-Forwarded-Proto
              value: ${scheme}-foo

Will result in the following:

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header X-Forwarded-For "${http_cf_connecting_ip}";

        proxy_set_header X-Forwarded-Proto "${scheme}-foo";

This causes the headers to be sent upstream twice: once with the default value and once with the overwritten value. This change prevents this behavior from happening.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

I have read the CONTRIBUTING doc
I have added tests that prove my fix is effective or that my feature works
I have checked that all unit tests pass after adding my changes
I have updated necessary documentation
I have rebased my branch onto main
I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

codecov-commenter · 2022-06-30T03:47:36Z

Codecov Report

Merging #2735 (d593c2a) into main (f70cf54) will increase coverage by 0.04%.
The diff coverage is 72.72%.

@@            Coverage Diff             @@
##             main    #2735      +/-   ##
==========================================
+ Coverage   52.52%   52.57%   +0.04%     
==========================================
  Files          58       59       +1     
  Lines       16070    16080      +10     
==========================================
+ Hits         8441     8454      +13     
+ Misses       7351     7349       -2     
+ Partials      278      277       -1

Impacted Files	Coverage Δ
internal/configs/version2/template_helper.go	`70.00% <70.00%> (ø)`
internal/configs/version2/template_executor.go	`60.46% <100.00%> (ø)`
internal/k8s/configuration.go	`95.76% <0.00%> (+0.36%)`	⬆️
...ternal/k8s/appprotect/app_protect_configuration.go	`86.74% <0.00%> (+0.57%)`	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

centromere · 2022-08-08T16:46:27Z

Is someone available to review this PR?

tomasohaodha · 2022-11-07T14:07:32Z

@centromere Many thanks for your PR on this one. Approved and merged.

…er (nginx#2735) Allow default gRPC/proxy headers to be overwritten in VirtualServer Co-authored-by: Alex Wied <centromere@users.noreply.github.com> Co-authored-by: Shaun <s.odonovan@f5.com>

centromere force-pushed the set-header-overrides branch 2 times, most recently from 82e7749 to 824b027 Compare August 8, 2022 16:43

brianehlert requested review from lucacome and ciarams87 August 8, 2022 18:30

lucacome requested review from a team and jjngx August 30, 2022 21:30

lucacome added the enhancement Pull requests for new features/feature enhancements label Aug 30, 2022

jasonwilliams14 assigned shaun-nx Nov 2, 2022

github-actions bot removed the enhancement Pull requests for new features/feature enhancements label Nov 3, 2022

shaun-nx approved these changes Nov 3, 2022

View reviewed changes

vepatel approved these changes Nov 3, 2022

View reviewed changes

brianehlert changed the title ~~Allow default gRPC/proxy headers to be overwritten in VirtualServer~~ Support default client proxy headers to be overwritten in VirtualServer Nov 3, 2022

brianehlert linked an issue Nov 3, 2022 that may be closed by this pull request

Support over-ride of default client proxy headers #3219

Closed

github-actions bot added documentation Pull requests/issues for documentation tests Pull requests that update tests labels Nov 3, 2022

lucacome force-pushed the set-header-overrides branch from 7e0a6de to 663d330 Compare November 3, 2022 19:00

github-actions bot removed documentation Pull requests/issues for documentation tests Pull requests that update tests labels Nov 3, 2022

Allow default gRPC/proxy headers to be overwritten in VirtualServer

f769a0b

lucacome force-pushed the set-header-overrides branch from 663d330 to f769a0b Compare November 3, 2022 19:01

Merge branch 'main' into set-header-overrides

d593c2a

shaun-nx merged commit 8ba2134 into nginx:main Nov 4, 2022

lucacome added the enhancement Pull requests for new features/feature enhancements label Jan 11, 2023

centromere deleted the set-header-overrides branch 8000 January 12, 2023 20:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support default client proxy headers to be overwritten in VirtualServer #2735

Support default client proxy headers to be overwritten in VirtualServer #2735

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Support default client proxy headers to be overwritten in VirtualServer #2735

Support default client proxy headers to be overwritten in VirtualServer #2735

Uh oh!

Conversation

Proposed changes

Checklist

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!