Project

General

Profile

Actions

Bug #8346

open

[API] Bad compute node address detection on private networks

Added by Brett Smith almost 9 years ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
API
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

This story follows #8198, which started using X-Forwarded-For to detect and set the IP address of compute nodes. However, when determining the likely IP of the remote client, Rails filters out any private address. If nothing's left after that, it falls back to using $REMOTE_ADDR as before.

This means that when compute nodes themselves are on a private network (e.g., 10/8), the API server ultimately "detects" their IP address as Nginx's (usually 127.0.0.1), putting wrong information in the node record.

action_dispatch.trusted_proxies became configurable in Rails 4. If we do #7709, the administrator can fix this by setting trusted_proxies to only Nginx's IP address.

Actions

Also available in: Atom PDF