
RESTBase should set Request-ID and perhaps X-Forwarded-For headers for external requests
Closed, Resolved · Public

Description

RESTBase should set and systematically forward / extend X-Forwarded-For and X-Request-ID (or similar) headers in its requests to backend services to allow client IP and request tracking.

Additionally, header sanitisation and inspection would be highly desirable.

Event Timeline

mobrovac created this task. Feb 14 2015, 7:34 PM
mobrovac raised the priority of this task from to Needs Triage.
mobrovac updated the task description.
mobrovac added projects: RESTBase, Services.
mobrovac added a subscriber: mobrovac.
Restricted Application added a subscriber: Aklapper. Feb 14 2015, 7:34 PM
GWicke updated the task description. Feb 14 2015, 10:26 PM
GWicke set Security to None.
GWicke added a subscriber: GWicke.

> Additionally, header sanitisation and inspection would be highly desirable.

What do you mean with this?

> > Additionally, header sanitisation and inspection would be highly desirable.
>
> What do you mean with this?

I mean prevent situations like this one. Better to do it in RESTBase than to rely on client services.

GWicke triaged this task as Medium priority. Mar 15 2015, 4:44 PM

> I mean prevent situations like this one. Better to do it in RESTBase than to rely on client services.

Right now we don't forward client headers to internal services. If we start to do so then we should probably be careful to only forward specific headers. Ideally, we'd systematically sanitize them based on header parameter descriptions defined in the swagger spec.
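
An added example, not part of this thread and not RESTBase's code: one way to apply the rule from the comment above in Node.js, forwarding only headers the spec declares, then extending X-Forwarded-For and setting X-Request-ID. The `HEADER_PARAMS` list, the `peerIsTrustedProxy` option, the request-ID pattern and the function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');
const net = require('net');

// Constructed Swagger 2.0-style header parameter descriptions (an assumption,
// not taken from RESTBase's spec). Only headers listed here are forwarded.
const HEADER_PARAMS = [
  { name: 'accept-language', in: 'header', type: 'string',
    pattern: '^[A-Za-z0-9,;=.* -]+$', maxLength: 100 },
  { name: 'if-none-match', in: 'header', type: 'string',
    pattern: '^[\\x21-\\x7e ]+$', maxLength: 200 },
];
// Assumed request-ID shape: short and free of characters that could break logs.
const REQUEST_ID = /^[A-Za-z0-9-]{8,64}$/;

// Allow-list pass: keep a client header only when the spec declares it and the
// value satisfies the declared constraints. Keys are expected in lower case,
// as Node's http module delivers them.
function sanitizeClientHeaders(clientHeaders, params) {
  const out = {};
  for (const p of params.filter((q) => q.in === 'header')) {
    const name = p.name.toLowerCase();
    const value = clientHeaders[name];
    if (typeof value !== 'string' || value.length > p.maxLength) continue;
    if (!new RegExp(p.pattern).test(value)) continue; // these patterns exclude CR/LF
    out[name] = value;
  }
  return out;
}

// Header set for a backend request. remoteAddr is the socket peer address.
function buildBackendHeaders(clientHeaders, remoteAddr, opts = {}) {
  const headers = sanitizeClientHeaders(clientHeaders, opts.params || HEADER_PARAMS);
  const trusted = opts.peerIsTrustedProxy === true;
  // Extend the X-Forwarded-For chain only when the peer is a trusted proxy;
  // otherwise the client-supplied chain is dropped. Non-IP entries never pass.
  const prior = trusted
    ? String(clientHeaders['x-forwarded-for'] || '').split(',')
      .map((s) => s.trim()).filter((s) => net.isIP(s) !== 0)
    : [];
  headers['x-forwarded-for'] = prior.concat(remoteAddr).join(', ');
  // Reuse a well-formed ID from a trusted peer, otherwise mint a fresh one.
  const incomingId = clientHeaders['x-request-id'];
  headers['x-request-id'] = trusted && REQUEST_ID.test(incomingId || '')
    ? incomingId : crypto.randomUUID();
  return headers;
}
```

Headers not declared in the parameter list, such as `cookie`, never reach the backend, and a direct client cannot seed either tracking header.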

GWicke renamed this task from RESTBase should set X-Forward* headers for external requests to RESTBase should set Request-ID and perhaps X-Forwarded-For headers for external requests. Mar 15 2015, 4:51 PM
GWicke moved this task from Backlog to In-progress on the Services board. Mar 17 2015, 8:01 PM
GWicke moved this task from Backlog to In progress on the RESTBase board. Mar 17 2015, 8:17 PM
GWicke closed this task as Resolved. Apr 6 2015, 11:35 PM
GWicke claimed this task.

This is now implemented and deployed.

mobrovac reopened this task as Open. Apr 7 2015, 10:14 AM
This comment was removed by mobrovac.
mobrovac claimed this task. Apr 7 2015, 10:14 AM
mobrovac closed this task as Resolved. Apr 21 2015, 12:46 PM
mobrovac moved this task from In-progress to Done on the Services board. Jun 23 2015, 8:49 AM