Project

General

Profile

Actions

Bug #23843

closed

Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy

Added by Marek Hulán almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Rake tasks
Target version:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1585069

Description of problem:
There is new RFE which implemented general http proxy for foreman(+katello)
BZ 1333595

If you set the setting to valid http proxy then suddenly all katello pages (and even org edit) throws "403 Forbidden" at you !!! This ultimate breakage is caused by the fact that every request is now proxied, even between internal components and even requests to localhost !!!

Some requests cannot and must not be proxied, for example all katello pages requests candlepin (8443/tcp) going via proxy all is denied.

Unless you specify Satellite FQDN in "HTTP proxy except hosts" which is really really tricky and wouldn't be obvoius to many CUs.

So please exclude Satellite fqdn and localhost by default from being proxied.
Either by listing them by default in "HTTP proxy except hosts" or (for localhost most applicable) exluding them right away in http proxy code.

Version-Release number of selected component (if applicable):
@satellite-6.3.1-3.el7sat.noarch (6.3.2 Snap1)
foreman-1.15.6.43-1.el7sat.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. Set HTTP proxy (having exlude list empty = which is default)
2. Navigate to any Katello page

"403 Forbidden" keeps smiling at ya

Actual results:
really really tricky and not obvious to many CUs.
setting http proxy breaks product

Expected results:
setting http proxy doesn't break anything

Actions #1

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5673 added
Actions #2

Updated by Tomer Brisker almost 6 years ago

  • Subject changed from Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy to Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy
  • translation missing: en.field_release set to 330
Actions #3

Updated by The Foreman Bot almost 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5678 added
Actions #4

Updated by Sebastian Gräßl almost 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF