Skip to content

HTTPProxy: Validate literal host rewrites are valid hostnames #5788

New issue
New issue
Open
#7119
Open
HTTPProxy: Validate literal host rewrites are valid hostnames#5788
#7119
Assignees
DHRUVKHANDELWAL00
Labels
area/httpproxyIssues or PRs related to the HTTPProxy API.good first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
@sunjayBhatia

Description

@sunjayBhatia
sunjayBhatia
opened on Sep 29, 2023

We should validate that when using

contour/apis/projectcontour/v1/httpproxy.go

Lines 1270 to 1274 in bbccbff

// HeadersPolicy defines how headers are managed during forwarding.
// The `Host` header is treated specially and if set in a HTTP response
// will be used as the SNI server name when forwarding over TLS. It is an
// error to attempt to set the `Host` header in a HTTP response.
type HeadersPolicy struct {
and rewriting the Host header with a literal hostname (not dynamic hostname that comes from another header) that is is a valid value so we do not pass invalid hostnames to Envoy to rewrite and cause issues in rejected config or in the request that gets to the backend.

          hm, might be good to do in a follow up but we should maybe be validating this doesn't get through to Envoy since this is a completely invalid hostname

Originally posted by @sunjayBhatia in #5678 (comment)

Metadata

Metadata

Assignees

Labels

area/httpproxyIssues or PRs related to the HTTPProxy API.good first issueDenotes an issue ready for a new contributor, according to the "help wanted" guidelines.help wantedDenotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions