Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

headers-whitelist does not pass headers #427

Open
kiblik opened this issue Feb 21, 2020 · 5 comments · May be fixed by #516
Open

headers-whitelist does not pass headers #427

kiblik opened this issue Feb 21, 2020 · 5 comments · May be fixed by #516
Labels
bug help wanted

Comments

@kiblik
Copy link

kiblik commented Feb 21, 2020

Hello,

I wanted to use parameter headers-whitelist but (as I said in #364), Cerebro doesn't pass my headers.

Cerebro version: 0.8.5

conf/application.conf:
...
hosts = [
  {
    host = "http://localhost:9200"
    name = "http://localhost:9200"
    headers-whitelist = ['authorization', 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-server', 'x-forwarded-user', 'x-proxy-user']
  }
]

Checking by ngrep:
ngrep -q -W byline '' 'tcp port 9200 or tcp port 9000' -d lo

Output:

T ::1:34654 -> ::1:9000 [AP] #368
POST /connect HTTP/1.1.
Host: localhost:9000.
Authorization: Basic dGVzdGVyOnRlc3Rlcg==.
Accept: application/json, text/plain, */*.
Sec-Fetch-Dest: empty.
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36.
DNT: 1.
Content-Type: application/json;charset=UTF-8.
Origin: https://test-cerebro.local:4433.
Sec-Fetch-Site: same-origin.
Sec-Fetch-Mode: cors.
Referer: https://test-cerebro.local:4433/.
Accept-Encoding: gzip, deflate, br.
Accept-Language: en-US,en;q=0.9,sk-SK;q=0.8,sk;q=0.7,cs;q=0.6.
X-Proxy-User: tester.
X-Forwarded-For: ::1.


T ::1:34654 -> ::1:9000 [AP] #370
X-Forwarded-Host: test-cerebro.local:4433.
X-Forwarded-Server: test-cerebro.local.
Connection: Keep-Alive.
Content-Length: 32.
.
{"host":"http://localhost:9200"}

T 127.0.0.1:57252 -> 127.0.0.1:9200 [AP] #372
GET /_cluster/health HTTP/1.1.
host: localhost:9200.
accept: */*.
user-agent: AHC/2.1.
.

Thanks for help
@lmenezes
Copy link
Owner

@kiblik Can you tell me a little about how does your setup looks like?

@kiblik
Copy link
Author

kiblik commented Mar 5, 2020

@lmenezes
HTTP-auth-proxy:443 (kerberos authentication - pass 'authorization' and add 'x-forwarded-...') -> cerebro:9000 -> ES:9200
Is it understandable?

@kiblik
Copy link
Author

kiblik commented Mar 11, 2020

ping @lmenezes

@JerryGuos
Copy link

I have the same problem. Have you solved it

@billryan billryan linked a pull request Jun 4, 2021 that will close this issue
Open
@billryan
Copy link

billryan commented Jun 4, 2021
edited
Loading

I think it's the host name configured in application.conf is not matching with host.

Try #516

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add default header whitelist config with wildcard host billryan/cerebro
5 participants
@moliware @lmenezes @billryan @kiblik @JerryGuos