Project

General

Profile

Actions
Copy link

Bug #8346

open

[API] Bad compute node address detection on private networks

Added by Brett Smith about 8 years ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
API
Target version:
Future
Story points:
-
Release:
Postponed
Release relationship:
Auto

Description

This story follows #8198, which started using X-Forwarded-For to detect and set the IP address of compute nodes. However, when determining the likely IP of the remote client, Rails filters out any private address. If nothing's left after that, it falls back to using $REMOTE_ADDR as before.

This means that when compute nodes themselves are on a private network (e.g., 10/8), the API server ultimately "detects" their IP address as Nginx's (usually 127.0.0.1), putting wrong information in the node record.

action_dispatch.trusted_proxies became configurable in Rails 4. If we do #7709, the administrator can fix this by setting trusted_proxies to only Nginx's IP address.

Actions
Copy link
 #1

Updated by Brett Smith about 8 years ago

  • Target version set to Arvados Future Sprints
Actions
Copy link
 #2

Updated by Ward Vandewege almost 3 years ago

  • Target version deleted (Arvados Future Sprints)
Actions
Copy link
 #3

Updated by Peter Amstutz about 1 year ago

  • Release set to 60
Actions
Copy link
 #4

Updated by Peter Amstutz about 2 months ago

  • Target version set to Future
Actions
Copy link

Also available in: Atom PDF