Closed skwokie closed 4 years ago
Hi,
I've just tried using a Chrome extension to inject the user and role headers, and it worked - the login page is skipped and then it showed the Streams page. So, it is the proxy-pass that is not working. I've also captured the header on the graylog server using tcpdump and the logs of both are as followed:
Using Chrome extension
GET / HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: text/html
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
GET /config.js HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/javascript
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 127
GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 51
GET /api/ HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 452
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 232
GET /api/users/skwok@***.com HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/system HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1225
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 374
GET /api/system/locales HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/views/fields HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/views/functions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/system/cluster_config/org.graylog2.indexer.searches.SearchesClusterConfig HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2890
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 265
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2790
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 2
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 3871
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24
GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 851
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 30
GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 3557
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24
GET /api/system/jvm HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1312
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 403
GET /api/search/decorators/available HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/search/decorators HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1519
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 2
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2321
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1529
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 659
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 30
GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1264
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27
GET /api/system/gettingstarted HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 13
GET /api/users/skwok@***.com HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
GET /api/system/gettingstarted HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 13
GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1482
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27
GET /api/system/indices/index_sets?stats=false HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2601
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 38
GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 392
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 232
GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
GET /api/streams/null/rules/types HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1469
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4034
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24
POST /api/cluster/metrics/multiple HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Content-Length: 100
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-graylog.***.com
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-graylog.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4363
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:26 GMT
Content-Length: 295
GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 809
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:27 GMT
Content-Length: 30
POST /api/cluster/metrics/multiple HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Content-Length: 100
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-graylog.***.com
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-graylog.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4549
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:27 GMT
Content-Length: 295
GET /api/system/cluster/nodes HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
^C64 packets captured
64 packets received by filter
0 packets dropped by kernel
Using proxy-pass
GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 406
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:26 GMT
Content-Length: 232
GET / HTTP/1.0
Host: dev-graylog-private.***.com
Connection: close
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
HTTP/1.1 200 OK
X-UA-Compatible: IE=edge
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: text/html
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Content-Length: 1590
GET /config.js HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
HTTP/1.1 200 OK
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/javascript
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 127
Host: dev-graylog.***.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-requested-by,x-requested-with
Origin: http://dev-logs.***.com
Sec-Fetch-Mode: cors
Referer: http://dev-logs.***.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Date: Mon, 27 Jan 2020 21:21:43 GMT
GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic dW5kZWZpbmVkOnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 52
Host: dev-graylog.***.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-graylog-no-session-extension,x-requested-by,x-requested-with
Origin: http://dev-logs.***.com
Sec-Fetch-Mode: cors
Referer: http://dev-logs.***.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Date: Mon, 27 Jan 2020 21:21:43 GMT
GET /api/ HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 411
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 232
GET /assets/4bb26941a7fc56acf1c1ac2afb35f58d.jpg HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
HTTP/1.1 200 OK
ETag: "1a2230a18c3ad6cb43feb9005b2567ff8cf1ebf4a85692bf19d15e562b70f518"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: image/jpeg
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked
GET /assets/48aa7ad98beedc63d82925f45fd8e72c.woff2 HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
Origin: http://dev-logs.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
GET /assets/af7ae505a9eed503f8b8e6982036873e.woff2 HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
Origin: http://dev-logs.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
HTTP/1.1 200 OK
ETag: "2c003703a07bac02b8e42b49562a2cdb95b9b68ef4bd669b6c9c7e9919f7dbe7"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/octet-stream
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked
HTTP/1.1 200 OK
ETag: "2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/octet-stream
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked
GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic dW5kZWZpbmVkOnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 52
GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/
he @skwokie
as you can see the SSO Plugin is working like it should. You have checked that with the chrome extension yourself. It might be related to your nginx configuration. Please check the spelling and if everything is lower/uppercase as it should.
We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.
Thank you!
Thanks, @jalogisch. I've resolved the issue after referencing https://docs.graylog.org/en/3.1/pages/configuration/web_interface.html#nginx and adding the mentioned headers.
Problem description
With nginx proxy_pass-ing the graylog server with the set user and role headers, the SSO plugin is not logging the user in automatically and the browser shows the log in screen instead.
Steps to reproduce the problem
Hi,
I followed http://docs.graylog.org/en/3.1/pages/installation/docker.html and used the persistence version of the docker-compose file to launch a graylog server version 3.1. Then, I followed https://docs.graylog.org/en/3.1/pages/users_and_roles/external_auth.html#single-sign-on and set up SSO with the following settings: Username Header: X-Authuser Request must come from a trusted proxy: unchecked Automatically create users: unchecked Synchronize the roles of the user from the specified HTTP header: unchecked Roles Header: X-Roles
Finally, I've nginx installed on another server with the following config:
location / { auth_request /verify; auth_request_set $user $upstream_http_x_authuser; auth_request_set $roles $upstream_http_x_roles; proxy_set_header X-Authuser $user; proxy_set_header X-Roles $roles; proxy_pass_request_headers on; proxy_pass http://dev-graylog-private.***.com/; }
with /verify to perform authentication and supply the username and role.
I've verified that the headers are passed to the graylog server by using tcpdump, and tcpdump shows this in the output:
I believe by hitting '/' on the nginx server with a browser, the SSO plugin is expected to log the user in; however, it is not the case. So, I turned on debug logging and tried to log in again and see the followings:
So, I'd like to ask:
Thanks very much.
Environment