Bug #37761: Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log - Installer - Foreman

Actions

Copy link

Bug #37761

closed

Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log

Added by Adam Ruzicka 4 months ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Adam Ruzicka

Category:

Foreman modules

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/puppet-foreman/pull/1185, https://github.com/theforeman/foreman-installer/pull/980

Fixed in Releases:

Foreman - 3.12.0, Foreman - 3.13.0

Found in Releases:

Red Hat JIRA:

SAT-27411

Description

Trying to access the web console takes the user to https://$foreman-fqdn/webcon/=$hostname?access_token=$token

Trying to access this url fails with 403, apparently mod_rewrite forbids rewrites where the request being rewritten contains %3F and the rewritten results has a ?. This behaviour can be turned off with a flag¹.

[1] - https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_unsafe_allow_3f

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #37761

Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log

Updated by Adam Ruzicka 4 months ago

Updated by The Foreman Bot 4 months ago

Updated by The Foreman Bot 4 months ago

Updated by Adam Ruzicka 4 months ago

Updated by Adam Ruzicka 4 months ago

Updated by Evgeni Golov 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by Evgeni Golov 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by The Foreman Bot 3 months ago