Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong Forwarded header when original X-Forwarded-For is an IPv6 #3643

Open
ZIRAKrezovic opened this issue Dec 16, 2024 · 1 comment
Open

Comments

@ZIRAKrezovic
Copy link

When X-Forwarded-For contains an IPv6 and server.forward-headers-strategy is set to framework, Gateway will pass an incorrect Forwarded header to downstream, as shown in the picture - resulting in an exception being thrown in services that also set server.forward-headers-strategy=framework

{AD2BBAF6-2319-4826-8640-131589522AD1}

I have narrowed down issue to spring-cloud-gateway, as nothing else seems to add Forwarded header. I have prepared a reproducer that demonstrates this using IPv6 only haproxy and docker

https://github.com/ZIRAKrezovic/gateway-reproducer.git

There is a single test that starts 3 containers and uses ipv6 only to communicate, up to returning back to host (gateway) on 8080. Make sure to adjust the port in haproxy.cfg and application.properties if they should be changed.

The test contains a commented out direct entry to its own "/test" REST resource, and a call that causes the issue to "/testgateway", that simply routes back to itself and rewrites the path to "/test"

@ZIRAKrezovic
Copy link
Author

I can also reproduce this by using WebClient. Example has been updated.

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.reactive.server.WebTestClient;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
class DemoApplicationSimpleTests {
    @Autowired
    private WebTestClient webClient;

    @Test
    void contextLoads() {
        webClient.get()
                // working url, bypasses gateway
                //.uri("/test")
                .uri("/testgateway")
                .header("X-Forwarded-For", "fd00:fefe:1::4")
                .exchange()
                .expectStatus()
                .isOk();
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant