0 Replies Latest reply on Jul 13, 2017 9:50 AM by chrispoulsen

    Wildfly 10.1 generates invalid redirects when behind multiple proxies

    chrispoulsen
    chrispoulsen Jul 13, 2017 9:50 AM

      Hi,

       

      We are trying to setup a system with multiple proxies: AWS load-balancer -> Spring Boot Zuul proxy -> Wildfly (simply forwarding port 80 through the chain exhibits the error).

       

      Wildfly is configured with proxy-address-forwarding="true".

       

      The Zuul proxy appends to the x-forwarded-* headers (like it is supposed to, if I understand the protocol correct). Wildfly generates invalid Location headers in that setup.

       

      The dumped request/response looks like this:

       

      ==============================================================

      2017-07-13 11:25:36,119 INFO  [io.undertow.request.dump] (default task-6)

      ----------------------------REQUEST---------------------------

                     URI=/internal/

      characterEncoding=null

           contentLength=-1

             contentType=null

                  header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

                  header=accept-language=en

                  header=cache-control=no-cache

                  header=Accept-Encoding=gzip

                  header=pragma=no-cache

                  header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0

                  header=Connection=Keep-Alive

                  header=x-forwarded-proto=http,http

                  header=x-forwarded-port=80,80

                  header=x-forwarded-for=<my-ip>, <load-balancer-ip>

                  header=upgrade-insecure-requests=1

                  header=x-forwarded-host=<load-balancer-host-name>

                  header=host=<load-balancer-host-name>

                  locale=[en]

                  method=GET

                protocol=HTTP/1.1

             queryString=

              remoteAddr=<my-ip>:0

              remoteHost=<my-ip>

                  scheme=http,http

                    host=<load-balancer-host-name>

              serverPort=0

      --------------------------RESPONSE--------------------------

           contentLength=0

             contentType=null

                  header=Expires=-1

                  header=Cache-Control=no-cache

                  header=X-Powered-By=Undertow/1

                  header=Set-Cookie=JSESSIONID=gDFvl_3nY5rn9yUcj3sDaXN8dnMvjA6Ti9Lbm1_a.win-m5ucuvcm1t7; path=/internal

                  header=Server=WildFly/10

                  header=Location=http,http://<load-balancer-host-name>/internal/login/

                  header=Accept-Ranges=bytes

                  header=Date=Thu, 13 Jul 2017 11:25:36 GMT

                  header=Connection=keep-alive

                  header=Content-Length=0

                  status=302

      ==============================================================

       

      So it seems like Wildfly/undertow does not handle the x-forwarded-proto header correctly (notice the "Location=http,http://<correct-url>" header that is returned in the redirect...)

       

      Is there some kind of configuration magic that we are missing or is this a bug?