search

Kong / kong

🦍 The Cloud-Native API Gateway and AI Gateway.
https://konghq.com/install/#kong-community
Apache License 2.0
39.22k stars 4.81k forks source link

use the requested Host header in the proxied request #444

Closed ahmadnassri closed 9 years ago

ahmadnassri commented 9 years ago

When setting up Kong in-front of an API service that relies on the Host header for routing (e.g. Kong itself), Kong uses the target_url in the proxied request.

it should either:

alternatively the request-transformer plugin could be used here, however, currently attempting to overwrite the Host header with request-transformer does nothing. (see #445)

detailed example:
┌────────────────────┐
│      Consumer      │
└────────────────────┘
           │
           ▼
┌────────────────────┐
│GET / HTTP/1.1      │
│Accept: */*         │
│Host: mockbin.com   │
└────────────────────┘
           │             ┌─────────────────────────────────────────┐
           ▼             │{                                        │
┌────────────────────┐   │  "public_dns": "mockbin.com",           │
│        Kong        │───│  "target_url": "http://173.236.235.78/" │
└────────────────────┘   │}                                        │
           │             └─────────────────────────────────────────┘
           ▼
┌────────────────────┐
│GET / HTTP/1.1      │
│Accept: */*         │
│Host: 173.236.235.78│
└────────────────────┘
           │             ┌─────────────────────────────────────────┐
           ▼             │{                                        │
┌────────────────────┐   │  "public_dns": "mockbin.com",           │
│        Kong        │───│  "target_url": "http://mockbin.org/"    │
└────────────────────┘   │}                                        │
           │             └─────────────────────────────────────────┘
           ▼
┌────────────────────┐
│  API not found :(  │
└────────────────────┘

           x
┌────────────────────┐
│    mockbin.org     │
└────────────────────┘
subnetmarco commented 9 years ago

I can easily fix this, but it may lead to some problems. I believe the reason we decided to change the Host header to reflect the target url's host, is because it created issues with the Virtual Host resolution: some servers that handle more than one host, use the Host header to determine the Virtual Host that should process the request.

We need to better test this. If we find out that it can cause problems, then this needs to be a flag when adding the API, like preserve_host = true | false.

subnetmarco commented 9 years ago

Specifically, we need to understand if this is really required: https://github.com/Mashape/kong/blob/master/kong/resolver/access.lua#L179

The fix to this issue would be to comment that line, and add the following nginx directive before the proxy_pass instruction:

proxy_set_header Host $host;
ahmadnassri commented 9 years ago

as mentioned, I believe both solutions are valid (in different scenarios) therefore, should be flag ... or a feature of request transform plugin

subnetmarco commented 9 years ago

I have added the preserve_host flag (default false) when adding a new API.