Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[THREESCALE-11128] Prevent APIcast fallback to global proxy settings for direct connection #1479

Merged
merged 1 commit into from
Jun 27, 2024
Merged

[THREESCALE-11128] Prevent APIcast fallback to global proxy settings for direct connection #1479

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/).

- Fixed 3scale Batcher policy unable to handle `app_id`/`access_token` contains special characters [PR #1457](https://github.com/3scale/APIcast/pull/1457) [THREESCALE-10934](https://issues.redhat.com/browse/THREESCALE-10934)

- Fixed APIcast send request through proxy server even when `NO_PROXY` is used [PR #1478](https://github.com/3scale/APIcast/pull/1478) [THREESCALE-11128](https://issues.redhat.com/browse/THREESCALE-11128)

### Added

- Bump openresty to 1.21.4.3 [PR #1461](https://github.com/3scale/APIcast/pull/1461) [THREESCALE-10601](https://issues.redhat.com/browse/THREESCALE-10601)

- Support Financial-grade API (FAPI) - Baseline profile [PR #1465](https://github.com/3scale/APIcast/pull/1465) [THREESCALE-10973](https://issues.redhat.com/browse/THREESCALE-10973)

## [3.15.0] 2024-04-04

### Fixed
Expand Down
5 changes: 4 additions & 1 deletion gateway/src/resty/http/proxy.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,13 @@ local function connect(request)
-- openresty treat nil as false, so we need to explicitly set ssl_verify to false if nil
local ssl_verify = request.options and request.options.ssl and request.options.ssl.verify or false

-- We need to set proxy_opts to an empty table here otherwise, lua-resty-http will fallback
-- to the global proxy options
local options = {
scheme = scheme,
host = host,
port = port
port = port,
proxy_opts = {}
}
if scheme == 'https' then
options.ssl_server_name = host
Expand Down
43 changes: 43 additions & 0 deletions t/http-proxy.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2083,3 +2083,46 @@ qr/a client request body is buffered to a temporary file/
--- grep_error_log_out
a client request body is buffered to a temporary file
--- user_files fixture=tls.pl eval



=== TEST 36: APIcast should not ingore NO_PROXY, when HTTP_PROXY and HTTPS_PROXY are also set
It connects directly to backened and forwards request to the upstream via proxy.
--- env random_port eval
(
'http_proxy' => $ENV{TEST_NGINX_HTTP_PROXY},
'no_proxy' => '127.0.0.1,localhost,test_backend',
)
--- configuration
{
"services": [
{
"id": 42,
"backend_version": 1,
"proxy": {
"api_backend": "http://test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT/",
"proxy_rules": [
{ "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
]
}
}
]
}
--- backend
server_name test_backend.lvh.me;
location /transactions/authrep.xml {
content_by_lua_block {
ngx.exit(ngx.OK)
}
}
--- upstream
server_name test-upstream.lvh.me;
location / {
echo 'yay, api backend: $http_host';
}
--- request
GET /?user_key=value
--- response_body env
yay, api backend: test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT
--- error_code: 200
--- no_error_log
Loading