Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oathkeeper does not support X-Forwarded headers properly #1139

Open
3 of 5 tasks
eratolekov opened this issue Nov 9, 2023 · 2 comments
Open
3 of 5 tasks

Oathkeeper does not support X-Forwarded headers properly #1139

eratolekov opened this issue Nov 9, 2023 · 2 comments
Labels
bug Something is not working.

Comments

@eratolekov
Copy link

Preflight checklist

Ory Network Project

No response

Describe the bug

Hi Ory Team

I guess the access rules of Ory Oathkeeper do not support X-Forwarded-* headers properly.

Reproducing the bug

Steps to reproduce a bug with x-forwarded headers

  1. Clone the repo
  2. Run the docker-compose.yml
  3. Perform this command:
curl -v -H "X-Forwarded-Host: dev.pp" -H "X-Forwarded-Proto: http" -H "x-forwarded-port: 4455"  http://localhost:4455/header

Actual result:

404 Not Found

Expected result:

200 OK

{ "args": {}, 
  "data": "", 
  "files": {}, 
  "form": {}, 
  "headers": { 
    "Accept": "/", 
    "Accept-Encoding": "gzip", 
    "Host": "dev.pp", 
    "User-Agent": "curl/7.68.0", 
    "X-Amzn-Trace-Id": "Root=1-654d02aa-1ed22ecf2a4623d66ae70ac3" 
  }, 
  "json": null, 
  "method": "GET", 
  "origin": "91.215.139.68", 
  "url": "https://dev.pp/anything/header" 
}

While, request with Host header works like a charm:

curl -v -H "Host: dev.pp:4455" http://localhost:4455/header

Response:

200 OK

{
  "args": {},
  "data": "",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "*/*",
    "Accept-Encoding": "gzip",
    "Host": "dev.pp",
    "User-Agent": "curl/7.68.0",
    "X-Amzn-Trace-Id": "Root=1-654d0c78-4f0df818446962ab50e760ab"
  },
  "json": null,
  "method": "GET",
  "origin": "91.215.139.68",
  "url": "https://dev.pp/anything/header"
}

Relevant log output

No response

Relevant configuration

log:
  level: debug
  format: json
serve:
  proxy:
    trust_forwarded_headers: true
errors:
  fallback:
    - json
  handlers:
    json:
      enabled: true
      config:
        verbose: true
access_rules:
  matching_strategy: glob
  repositories:
    - file:///etc/config/oathkeeper/access-rules.yml
authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest
  noop:
    enabled: true
authorizers:
  allow:
    enabled: true
mutators:
  noop:
    enabled: true

Version

0.40.6

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response
@eratolekov eratolekov added the bug Something is not working. label Nov 9, 2023
@8th-block
Copy link

8th-block commented Apr 20, 2024
edited

Same issue here with v0.40.7! Ory ppl, i am happy to send logs

@eratolekov have you been able to sort this out on your end?

@eratolekov
Copy link
Author

@eratolekov have you been able to sort this out on your end?

nope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eratolekov @8th-block