Traefik: do not obfuscate HTTP body with code >400 - kubernetes

Is there a way to tell Traefik not to overwrite the response body when the response code is > 400?
The goal is to keep the body of a 404 or a 401 response.
The goal is not to have a custom error page but the real error page from the backend.
The environment is a Kubernetes cluster where Traefik is the ingress provider; the storage used by Traefik is Consul.

This answers my question: https://github.com/containous/traefik/issues/4114
This is not possible since the net/http golang lib is implementing RFC 7230 sec. 3.1.2 hardly,
and does not plan to change it.

Related

How can I have istio gateway traces in OpenTelemetry?

I'll be really grateful if someone has documentation or experience with this implementation and can share it. If any information is missing from my side, please tell me to share it, because I don't know what is needed to describe my entire situation.
The versions are Istio 1.61.1 and OtelCollector 0.68.0.
I'm trying to get traces from the Istio gateway and send them to OpenTelemetry.
I'm using the OpenCensus agent and following this documentation as a guide (distributed-tracing/opencensusagent).
Unfortunately I cannot succeed: I get traces in the OpenTelemetry log, but the traces have no relation to the requests made across the gateway.
The objective is to get the whole request chain, including the Istio gateway, to watch the entire response time.

Kubernetes .NET Core API can't communicate with services

I'm facing a k8s microservice communication issue. K8S structure as below.
Fail case:
I try to call service2 from .NET Core API 1 via http://service2:8080 (service2 is the service's name) but I get an error.
I tried simple code that uses HttpClient to call google.com, which successfully gets a response, which means it is not a .NET coding issue.
Success cases:
I use an ingress controller, which lets .NET Core API 1 connect to .NET Core API 2.
I also tried logging in to pod1 and running curl http://service2:8080, which successfully gets a response from pod2.
It seems the k8s DNS can't recognize http://service2:8080 from .NET Core API 1.
Does anyone have an idea about that?

How to disable openapi docs API calls in Ambassador api gateway?

Is there a way to stop Ambassador from polling services for OpenAPI docs?
I have tried disabling the developerportal mapping, but it is still not working.
time="2020-06-11 04:59:49" level=error msg="Bad HTTP response" func=github.com/datawire/apro/cmd/amb-sidecar/devportal/server.HTTPGet.func1 file="github.com/datawire/apro#/cmd/amb-sidecar/devportal/server/fetcher.go:165" status_code=404 subsystem=fetcher url="https://127.0.0.1:8443/<nameofservice>/api/auth/info/.ambassador-internal/openapi-docs"
Kubernetes version: 1.16
AES version: 1.4.3
You can disable the doc polling in version 1.5.0+ by setting the environment variable POLL_EVERY_SECS to 0.

kubernetes ingress controller not forwarding request headers

I am working on a Kubernetes cluster and the problem I face is:
From the UI/browser, I can see it is sending a request header called "request_id" (please refer to the image).
But when checking on the backend, it is unavailable. While searching through the internet, I could see that people are talking about adding the following entry to the Ingress object:
nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header request_id "$req_id";
But it is generating a new value for this and not passing the value submitted by the browser.
Any ideas what might be missing here?
If you want to pass a custom header to your backend, you need to use this kind of annotation:
nginx.ingress.kubernetes.io/configuration-snippet: |
  more_set_headers "Request-Id: $request_id";
In your configuration you are using the variable $req_id, but you need to pass the variable sent by the UI/browser.
Basically, ingress-nginx-controller drops any request headers that contain "_" in them. You can find various threads which discuss this issue, like:
Why HTTP servers forbid underscores in HTTP header names
So, I just enabled the ingress controller to pass such request headers. This can be done by adding the following entry to the configmap "nginx-configuration":
data:
  enable-underscores-in-headers: "true"
IMO, this is a much cleaner solution as there could be many applications that might use "_" in request headers.
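
What the setting above changes, as an added example that is not part of the original answers: with nginx's default `underscores_in_headers off`, names containing "_" are dropped as invalid, and once they are allowed, `-` and `_` spellings of one name map to the same CGI/WSGI variable (RFC 3875), so backends should be checked for that ambiguity. The function names and sample headers are constructed for illustration.

```python
"""Added example: underscore handling in request header names (constructed data)."""
import re

# Default nginx rule for header names: letters, digits and hyphens only.
_DEFAULT_VALID = re.compile(r"^[A-Za-z0-9-]+$")
# Rule once underscores are enabled (enable-underscores-in-headers: "true").
_WITH_UNDERSCORES = re.compile(r"^[A-Za-z0-9_-]+$")


def filter_headers(headers, underscores_in_headers=False):
    """Return the (name, value) pairs the proxy would forward.

    Models nginx with ignore_invalid_headers on: names outside the allowed
    set are silently dropped, which is what the question observed.
    """
    allowed = _WITH_UNDERSCORES if underscores_in_headers else _DEFAULT_VALID
    return [(n, v) for n, v in headers if allowed.match(n)]


def cgi_name(name):
    """Map a header name to its CGI/WSGI variable name (RFC 3875)."""
    return "HTTP_" + name.upper().replace("-", "_")


def find_collisions(headers):
    """Group differently spelled headers that collapse to one CGI variable."""
    seen = {}
    for name, value in headers:
        seen.setdefault(cgi_name(name), []).append((name, value))
    return {k: v for k, v in seen.items()
            if len({n.lower() for n, _ in v}) > 1}


# Constructed sample request: two spellings of one logical header name.
SAMPLE = [
    ("Host", "app.example.test"),
    ("request_id", "abc-123"),
    ("X-Auth-User", "alice"),
    ("X_Auth_User", "bob"),
]

if __name__ == "__main__":
    for flag in (False, True):
        forwarded = filter_headers(SAMPLE, underscores_in_headers=flag)
        print(flag, [n for n, _ in forwarded], find_collisions(forwarded))
```

A backend that reads headers through CGI-style variables cannot tell the two spellings apart, so audit for collisions before turning the option on cluster-wide.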

Nginx ingress controller modsecurity

I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingress controller according to this link. In the annotation of the ingress I set SecRuleEngine On.
When I use nikto to do some scans and try to trigger the OWASP rules, I only see 400 responses in the ingress logging. I would expect 403 responses. Does anyone have any idea what I am doing wrong or what to check?
Followed the instructions on:
https://karlstoney.com/2018/02/23/nginx-ingress-modsecurity-and-secchatops/
The only thing I had to change was "SecAuditLog /var/log/modsec/audit.log". I changed it to "SecAuditLog /var/log/modsec_audit.log".