[
https://issues.apache.org/jira/browse/NIFI-16018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088951#comment-18088951
]
ASF subversion and git services commented on NIFI-16018:
--------------------------------------------------------
Commit fda655bc333640b2e9b8d8a0adefc40f05992f44 in nifi's branch
refs/heads/main from Zoltan Kornel Torok
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fda655bc333 ]
NIFI-16018: Handle port number in header validator
Signed-off-by: Pierre Villard <[email protected]>
This closes #11335.
> X-Forwarded-Host could also contain a port number, which leads to a
> misdirected request
> ---------------------------------------------------------------------------------
>
> Key: NIFI-16018
> URL: https://issues.apache.org/jira/browse/NIFI-16018
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 2.10.0
> Reporter: Zoltán Kornél Török
> Assignee: Zoltán Kornél Török
> Priority: Major
> Fix For: 2.10.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> In https://issues.apache.org/jira/browse/NIFI-15953 a new class,
> ProxyHeaderValidatorCustomizer, was introduced which checks the
> nifi.web.proxy.host config, and if a proxy is not listed there, then the
> request is not allowed. One of the headers which is checked is
> "X-Forwarded-Host". The problem is that some proxies put not only the
> hostname into that header, but also the port number. For example:
> X-Forwarded-Host: knox.example.com:8443
> When this happens, the host header that is read contains the port number and
> it does not match the configured proper hostname. We need to extend the code
> to remove the port number from the headers if present.