Zoltán Kornél Török created NIFI-16018:
------------------------------------------
Summary: X-Forwarded-Host could also contain port number, which
leads to misdirected request
Key: NIFI-16018
URL: https://issues.apache.org/jira/browse/NIFI-16018
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 2.10.0
Reporter: Zoltán Kornél Török
Assignee: Zoltán Kornél Török
Fix For: 2.10.0

In https://issues.apache.org/jira/browse/NIFI-15953 a new class
ProxyHeaderValidatorCustomizer was introduced, which checks the
nifi.web.proxy.host config; if a proxy is not listed there, the request is not
allowed. One of the headers that is checked is "X-Forwarded-Host". The problem
is that some proxies put not only the hostname into that header, but also the
port number.
For example: X-Forwarded-Host: knox.example.com:8443
When this happens, the host header that is read contains the port number and it
does not match the configured proper hostname. We need to extend the code to
remove the port number from the headers if present.
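The port-stripping check described in the issue, as an added example; it is not NiFi's code and not taken from ProxyHeaderValidatorCustomizer. The class and method names are hypothetical, and the allow-list is assumed to hold bare lower-case hostnames. The port is validated rather than cut at the first colon, so a value such as `knox.example.com:8443.evil.test` fails closed.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class ForwardedHostCheck {
    // Host part of an X-Forwarded-Host value; empty when the value is malformed (fail closed).
    static Optional<String> hostOnly(String headerValue) {
        if (headerValue == null || headerValue.isBlank()) return Optional.empty();
        String value = headerValue.trim().toLowerCase(Locale.ROOT);
        String host = value;
        String port = null;
        if (value.startsWith("[")) {
            // Bracketed IPv6 literal, e.g. [2001:db8::1]:8443; the brackets stay on the host
            int close = value.indexOf(']');
            if (close < 0) return Optional.empty();
            host = value.substring(0, close + 1);
            String rest = value.substring(close + 1);
            if (!rest.isEmpty()) {
                if (!rest.startsWith(":")) return Optional.empty();
                port = rest.substring(1);
            }
        } else if (value.indexOf(':') >= 0) {
            // More than one colon without brackets is ambiguous, so it is rejected
            if (value.indexOf(':') != value.lastIndexOf(':')) return Optional.empty();
            int colon = value.indexOf(':');
            host = value.substring(0, colon);
            port = value.substring(colon + 1);
        }
        if (host.isEmpty() || (port != null && !validPort(port))) return Optional.empty();
        return Optional.of(host);
    }

    // A port must be 1 to 5 ASCII digits in the range 1..65535
    static boolean validPort(String port) {
        if (!port.matches("\\d{1,5}")) return false;
        int p = Integer.parseInt(port);
        return p >= 1 && p <= 65535;
    }

    // Compares the port-less host against the configured allow-list (assumed: hostnames only)
    static boolean isAllowed(String headerValue, Set<String> allowedHosts) {
        return hostOnly(headerValue).map(allowedHosts::contains).orElse(false);
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("knox.example.com"); // constructed allow-list
        String[] samples = {"knox.example.com:8443", "knox.example.com",
                "knox.example.com:8443.evil.test", "other.example.com:8443"}; // constructed values
        for (String v : samples) System.out.println(v + " -> " + isAllowed(v, allowed));
    }
}
```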