Project

General

Profile

Actions

Bug #11537

closed

[keepproxy] detect proxy loop (broken config) -- return an error if keepproxy receives a request from itself

Added by Tom Clegg almost 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Story points:
1.0

Description

The manual setup procedure makes it easy to misconfigure keepproxy and Nginx such that keepproxy fulfills requests by forwarding requests to itself. Even when setup/configuration is automated, bugs and races could cause this condition sometimes.

Keepproxy should detect this situation and return an error and log an appropriate message, to make it easier for a sysadmin to detect.

The HTTP "Via" header is good for this. See https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.45

Implementation:
  • in sdk/go/keepclient, add a field "Do func(*http.Request) (*http.Response, error)".
  • if kc.Do is not nil, keepclient should use that function instead of instead of kc.Client.Do().
  • keepproxy should set kc.Do to a func that adds a Via header (e.g., "Via: HTTP/1.1 keepproxy" where HTTP/1.1 is req.Proto) and then calls kc.Client.Do().
  • if an incoming request has a Via header containing the string " keepproxy", respond 500 and log an error message ("proxy loop detected: perhaps keepproxy is misidentified by gateway config as an external client, or its keep_services record does not have service_type=proxy?")

Subtasks 1 (0 open1 closed)

Task #11573: Review 11537-keepproxy-loopResolvedRadhika Chippada04/20/2017Actions
Actions

Also available in: Atom PDF