[
https://issues.apache.org/jira/browse/NIFI-16018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard resolved NIFI-16018.
-----------------------------------
Resolution: Fixed
> X-Forwarded-Host could also contain a port number, which leads to a
> misdirected request
> ---------------------------------------------------------------------------------
>
> Key: NIFI-16018
> URL: https://issues.apache.org/jira/browse/NIFI-16018
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 2.10.0
> Reporter: Zoltán Kornél Török
> Assignee: Zoltán Kornél Török
> Priority: Major
> Fix For: 2.10.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> In https://issues.apache.org/jira/browse/NIFI-15953 a new class,
> ProxyHeaderValidatorCustomizer, was introduced, which checks the
> nifi.web.proxy.host config, and if a proxy is not listed there, then the
> request is not allowed. One of the headers which is checked is
> "X-Forwarded-Host". The problem is that some proxies put not only the
> hostname into that header, but also the port number.
> For example: X-Forwarded-Host: knox.example.com:8443
> When this happens, the host header that is read contains the port number and
> it does not match the configured proper hostname. We need to extend the code
> to remove the port number from the headers if present.
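The port-stripping check described in the issue, as an added example that is not NiFi's code or the actual fix: the class `ForwardedHostCheck` and its methods are hypothetical. It assumes the allowlist holds bare lower-case hostnames and that every comma-separated entry in the header must match, and it rejects anything after the colon that is not a numeric port, so malformed values fail closed.

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Added example: hypothetical helper, not the NiFi implementation.
public class ForwardedHostCheck {
    // Returns the host part of one X-Forwarded-Host entry, or empty if malformed.
    static Optional<String> hostOnly(String value) {
        if (value == null) return Optional.empty();
        String v = value.trim().toLowerCase(Locale.ROOT);
        if (v.isEmpty()) return Optional.empty();
        String host; String port = null;
        if (v.startsWith("[")) {                      // bracketed IPv6 literal, e.g. [::1]:8443
            int close = v.indexOf(']');
            if (close < 0) return Optional.empty();
            host = v.substring(0, close + 1);
            String rest = v.substring(close + 1);
            if (!rest.isEmpty() && !rest.startsWith(":")) return Optional.empty();
            if (!rest.isEmpty()) port = rest.substring(1);
        } else {
            int colon = v.indexOf(':');
            if (colon != v.lastIndexOf(':')) return Optional.empty(); // more than one colon
            host = colon < 0 ? v : v.substring(0, colon);
            if (colon >= 0) port = v.substring(colon + 1);
        }
        // A port, when present, must be 1-5 digits; "host:" and "host:80@x" are rejected.
        if (host.isEmpty() || (port != null && !port.matches("\\d{1,5}"))) return Optional.empty();
        return Optional.of(host);
    }

    // Assumption: every comma-separated entry must normalise to an allowed host.
    static boolean isAllowed(String header, Set<String> allowedHosts) {
        if (header == null || header.isBlank()) return false;
        for (String entry : header.split(",", -1)) {
            Optional<String> host = hostOnly(entry);
            if (host.isEmpty() || !allowedHosts.contains(host.get())) return false;
        }
        return true;
    }

    // Constructed allowlist and header values, for illustration only.
    public static void main(String[] args) {
        Set<String> allowed = Set.of("knox.example.com");
        for (String h : List.of("knox.example.com:8443", "knox.example.com", "KNOX.example.com:8443",
                "other.example.net:8443", "knox.example.com:8443@other.example.net", "knox.example.com:")) {
            System.out.println(h + " -> " + isAllowed(h, allowed));
        }
    }
}
```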