Project

General

Profile

Bug #23843

Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy

Added by Marek Hulán about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
rake tasks
Target version:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1585069

Description of problem:
There is new RFE which implemented general http proxy for foreman(+katello)
BZ 1333595

If you set the setting to valid http proxy then suddenly all katello pages (and even org edit) throws "403 Forbidden" at you !!! This ultimate breakage is caused by the fact that every request is now proxied, even between internal components and even requests to localhost !!!

Some requests cannot and must not be proxied, for example all katello pages requests candlepin (8443/tcp) going via proxy all is denied.

Unless you specify Satellite FQDN in "HTTP proxy except hosts" which is really really tricky and wouldn't be obvoius to many CUs.

So please exclude Satellite fqdn and localhost by default from being proxied.
Either by listing them by default in "HTTP proxy except hosts" or (for localhost most applicable) exluding them right away in http proxy code.

Version-Release number of selected component (if applicable):
@satellite-6.3.1-3.el7sat.noarch (6.3.2 Snap1)
foreman-1.15.6.43-1.el7sat.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. Set HTTP proxy (having exlude list empty = which is default)
2. Navigate to any Katello page

"403 Forbidden" keeps smiling at ya

Actual results:
really really tricky and not obvious to many CUs.
setting http proxy breaks product

Expected results:
setting http proxy doesn't break anything

Associated revisions

Revision e59a1da9 (diff)
Added by Sebastian Gräßl about 1 year ago

Fixes #23843 - Exclude requests to local host from proxying

History

#1 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5673 added

#2 Updated by Tomer Brisker about 1 year ago

  • Legacy Backlogs Release (now unused) set to 330
  • Subject changed from Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy to Exclude Satellite fqdn and localhost from possible proxying when user set foreman http proxy

#3 Updated by The Foreman Bot about 1 year ago

  • Pull request https://github.com/theforeman/foreman/pull/5678 added

#4 Updated by Sebastian Gräßl about 1 year ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF