fixup! caddy-frontend: Stabilise proxy headers

922454fd · Łukasz Nowak · 347a8a54 · 922454fd · 922454fd · 922454fd
Commit 922454fd authored Jun 19, 2020 by Łukasz Nowak
3 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -54,7 +54,7 @@ md5sum = a72e9056eeda3c7c794f6f6560056380

 [template-cached-slave-virtualhost]
 _update_hash_filename_ = templates/cached-virtualhost.conf.in
-md5sum = 91c70037283fbdb2e9de384bbb83b3dc
+md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f

 [template-log-access]
 _update_hash_filename_ = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
@@ -23,7 +23,7 @@
    try_interval {{ slave_parameter['proxy_try_interval'] }}ms

    header_upstream Host {host}
-    header_upstream -X-Forwarded-For
+{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
    header_upstream -X-Forwarded-For-Real
    timeout {{ slave_parameter['request_timeout'] }}s
@@ -51,7 +51,7 @@
    try_duration {{ slave_parameter['proxy_try_duration'] }}s
    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
    header_upstream Host {host}
-    header_upstream -X-Forwarded-For
+{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
    header_upstream -X-Forwarded-For-Real
    timeout {{ slave_parameter['request_timeout'] }}s

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -1621,8 +1621,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
      self.assertEqual(
        backend_header_dict['host'],
        '%s:%s' % (domain, port))
+    # XXX It's really hard to play with Caddy headers, thus we have to keep
+    #     some of them. As other solutions will come in future, more control
+    #     over sent X-Forwarded-For will be possible
    self.assertEqual(
-      backend_header_dict['x-forwarded-for'],
+      backend_header_dict['x-forwarded-for'].split(',')[0],
      source_ip
    )
    self.assertEqual(