Actions
Bug #18289
openProxy authentication fails when Foreman is behind nginx or apache
Description
When Proxy does not use client SSL certificate for authentication, we fallback to DNS resolv for IP of the client that did the call. This does not work if Foreman is proxied by Apache or nginx that sets X-Forwarded-For header since Rails do not trust ::1 or 127.0.0.1 by default - tracked as https://github.com/rails/rails/issues/5223 and even if it did it wouldn't work because we use request.ip instead of request.remote_ip. That means this can only work if the request is done from a proxy that is on the same host as Foreman. Related code is at https://github.com/theforeman/foreman/blob/698e916ce208b5040b83a908a058c83c94d158ee/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L85
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4239 added
Updated by Marek Hulán almost 6 years ago
- Status changed from Ready For Testing to New
Actions