-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
404 if Host header include port number 443 #959
Comments
Workaround: Add the same policy but with port number appended to
|
@yegle This is how envoy works. We can make envoy strip the port part from domain, by set |
Yes found this https://www.envoyproxy.io/docs/envoy/latest/faq/debugging/why_is_my_route_not_found also suggest to set I would assume it's as easy as adding a here pomerium/internal/controlplane/xds_listeners.go Lines 189 to 227 in 84dde09
|
I was a bit confused. It looks like the commit envoyproxy/envoy@111684f is not part of any Envoy release yet. And the go control plane library is likely kept in sync with Envoy so it doesn't have I guess we'll have to use the workaround for now. |
Yes, we will have to wait new envoy release. |
With envoy 1.15.0 release, strip host port matching setting allows incoming request with Host "example:443" will match again route with domains match set to "example". Not that this is not standard HTTP behavior, but it's more convenient for users. Fixes #959
* internal/controlplane: using envoy strip host port matching With envoy 1.15.0 release, strip host port matching setting allows incoming request with Host "example:443" will match again route with domains match set to "example". Not that this is not standard HTTP behavior, but it's more convenient for users. Fixes #959 * docs/docs: add note about enable envoy strip host port matching
This is not fully resolved. It looks like a request with header
Policy config:
|
\cc @cuonglm / @calebdoxsey |
The route matching code in authorize needs to be updated. |
What happened?
If
Host
header includes the standard 443 port number, Pomerium will return 404.What did you expect to happen?
Should handle the request correctly.
How'd it happen?
x
y
z
What's your environment like?
pomerium --version
or/ping
endpoint):pomerium/v0.9.0 (+github.com/pomerium/pomerium; 84dde09; go1.14.4)
Docker
What's your config.yaml?
N/A
What did you see in the logs?
Additional context
Similar but probably unrelated bug #352
The text was updated successfully, but these errors were encountered: