Here is the URL:
https://landfill.bugzilla.org/bugzilla-tip/
In my code I have this:
Server server = new Server(host, port, path);
From the URL, what is host, what is port and what is path? What are the input values of the method?
Host: landfill.bugzilla.org
Port: 443 (default)
Path: bugzilla-tip
https://www.rfc-editor.org/rfc/rfc1738
Unfortunately the other answers in this question can be slightly misleading. Referring landfill.bugzilla.org to as host is correct in this specific example, but if the port was other than 443 then it would be incorrect.
https:// by default uses port 443, so you may omit it in the URL, otherwise it would of looked like this https://landfill.bugzilla.org:443/bugzilla-tip:
Protocol: https://
Hostname: landfill.bugzilla.org
Port: 443
Host: landfill.bugzilla.org or landfill.bugzilla.org:443 (depending, read below)
Hostport: landfill.bugzilla.org:443
Path: bugzilla-tip
host and hostname are not the same in all instances. For example in JavaScript location.host will return www.geeksforgeeks.org:8080 while location.hostname returns www.geeksforgeeks.org. So sometimes it's only the "same" when the default ports on the protocol are being used depending.
More info: https://www.rfc-editor.org/rfc/rfc1738
Have a look at this:
http://bl.ocks.org/abernier/3070589
Host: landfill.bugzilla.org
Port: 443 (HTTPS)
Path: /bugzilla-tip
for more details please read this
In your case with Host the code is referring to: landfill.bugzilla.org *
Port: By default the https port is 443, but you should check this.
Path: /bugzilla-tip
*Although this is theoretically not quite correct, just put it that way for simplicity.
landfill.bugzilla.org is the URL that indicates to which DNS servers it has to go to resolve the Host name, which is "landfill".
The correct answer at the configuration level is that the host is "landfill" and "landfill.bugzilla.org" is the full URL that tells you what the host is and what server you have to go to in order to find it.
Translated with www.DeepL.com/Translator (free version)
Related
According to their documentation of TLSRoute it does not include rewrite that you typically do for HTTPRoute`
Is it possible to do the same for HTTPS or TLS ?
http:
- match:
- uri:
prefix: /ratings
rewrite:
uri: /v1/bookRatings
route:
- destination:
host: ratings.prod.svc.cluster.local
When TLS traffic is not terminated, traffic (including the URL parts needed for rewrite) is encrypted and therefore Istio can't read or manipulate it. Therefore, these options are not available.
When I go to my example application: https://example.com/r/123 it works as expected.
If I go to http://example.com/r/123 it seems the load balancer changes the url to https://example.com:80/r/123.
This page results in a ERR_SSL_PROTOCOL_ERROR.
Is it possible to make AWS not add the port(:80) in the redirect?
My problem was solved by changing the server IP to 0.0.0.0 instead of the default value of localhost in the nuxt server config.
// nuxt.config.js
server: {
host: '0.0.0.0',
},
I successfully implemented in my aks cluster an ingress with tls certification (https://learn.microsoft.com/en-us/azure/aks/ingress-own-tls), but I would like to pass the information contained in the client certificate to the backend.
I did try adding to my ingress the annotation nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true", but the information seems to be missing in my request headers (I am simply printing the content of request.headers from my flask application). Other headers are correctly shown, e.g. X-Forwarded-Proto: https or X-Forwarded-Port: 443 .
Could somebody confirm the expected behaviour of the annotation?
Do I need to configure the backend somehow with tls as well?
EDIT
I did access the ingress pod, and in the nginx config I could not find any reference to ssl_client_s_dn, which I would expect to be the best candidate to pass the certificate info into an header.
I tried to assign some custom headers following the steps in https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers, but also this seems not to work.
Which version of nginx-ingress are you using ?
At least with version 0.30 I'm able too see the client's certificate details passed to the backend properly.
The value of ssl_client_s_dn is being passed as Ssl-Client-Subject-Dn header with default nginx controller setup, no customization needed.
Here is the content of my default /etc/nginx/nginx.conf (converted from ConfigMap)
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
Request headers seen from backend perspective:
...
"Ssl-Client-Issuer-Dn": "CN=example.com,O=example Inc.",
"Ssl-Client-Subject-Dn": "O=client organization,CN=client.example.com",
"Ssl-Client-Verify": "SUCCESS",
"User-Agent": "curl/7.58.0",
"X-Forwarded-Host": "httpbin.example.com",
"X-Scheme": "https",
}
}
You can always add your own custom headers, as explained here
Example:
apiVersion: v1
data:
X-Client-Cert-Info: $ssl_client_s_dn
kind: ConfigMap
metadata:
...
which reflects at backend as:
...
"X-Client-Cert-Info": "O=client organization,CN=client.example.com",
"X-Forwarded-Host": "httpbin.example.com",
"X-Scheme": "https",
}
}
you can pass annotations in nginx ingress' service this
annotations:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
if you want modify header based on ingress rule then you may also add annotations to ingress rules as well.
I have following suspicious logs in my django output logs. Somebody is doing vulnerability check or what?
Invalid HTTP_HOST header: '47.95.231.250:58204'. You may need to add '47.95.231.250' to ALLOWED_HOSTS.
[03/Dec/2017 20:09:28] "GET http://47.95.231.250:58204/ip_js.php?IP=my_ip&DK=my_port&DD=FOQGCINPZHEHIIFR HTTP/1.0" 400 62446
How can I prevent it? Tried to block 47.95.231.250 IP, but didn't help. Request is coming from different IP address probably
Check your server - you will very likely find that 47.95.231.250 is your own server's IP address! This error indicates that someone is able to get to your server but that your Django application is not set to respond to the requests based on IP address. If it is working otherwise then you actually have ALLOWED_HOSTS set correctly based on domain name. Do NOT add the IP address to your ALLOWED_HOSTS unless you actually want to access it by IP address, which is usually not necessary in a production system.
So the IP address access is an indication of someone trying to get it that shouldn't be allowed. The port 58204 is also a clue. Regular ports for most web servers are 80 & 443. Occasionally, in order to have alternate ports for different applications, you will see 8000 or 8080 or other numbers. 58204 is not a typical web site port number. The third clue is that the requested file is ip_js.php which indicates a request for a PHP-based web site and not Django/Python.
Bottom line: See if you can configure your firewall to allow ONLY the necessary open ports from the outside world in to your server. Typically this will include:
80 - http
443 - https
22 - ssh
and possibly others depending on how your server is configured and what applications it runs. For example, if you host MySQL or another database on the same box then you will need to open additional ports if-and-only-if you require remote access to the database outside of the application.
I am trying to accomplish a simple task:
Every request with a URI of:
http://localhost:8081/api/customers
Will also be available through:
http://somedomain.com:8081/api/customer
I've defined my hosts file:
127.0.0.1 somedomain.com
So if the URI is:
somedomain.com
It is being redirected to localhost - the default IIS8 page - which is the wwwroot folder on windows. Great!
However the followings don't work:
somedomain.com:8081
nor
127.0.0.1:8081
Anyway to make it work?
P.S
ASP.NET Web API doesn't work very well with localhost address (for instance you cannot add cookies from the server for localhost address).