Merge pull request #1478 from tkan145/THREESCALE-11128-no-proxy

Prevent APIcast fallback to global proxy settings for direct connection
3scale · Jun 27, 2024 · 907db14 · 907db14
2 parents b75d3b8 + d4550af
commit 907db14
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 - Fixed 3scale Batcher policy unable to handle `app_id`/`access_token` contains special characters [PR #1457](https://github.com/3scale/APIcast/pull/1457) [THREESCALE-10934](https://issues.redhat.com/browse/THREESCALE-10934)
 
+- Fixed APIcast send request through proxy server even when `NO_PROXY` is used [PR #1478](https://github.com/3scale/APIcast/pull/1478) [THREESCALE-11128](https://issues.redhat.com/browse/THREESCALE-11128)
+
 ### Added
 
 - Bump openresty to 1.21.4.3 [PR #1461](https://github.com/3scale/APIcast/pull/1461) [THREESCALE-10601](https://issues.redhat.com/browse/THREESCALE-10601)

diff --git a/gateway/src/resty/http/proxy.lua b/gateway/src/resty/http/proxy.lua
@@ -57,10 +57,13 @@ local function connect(request)
     -- openresty treat nil as false, so we need to explicitly set ssl_verify to false if nil
     local ssl_verify = request.options and request.options.ssl and request.options.ssl.verify or false
 
+    -- We need to set proxy_opts to an empty table here otherwise, lua-resty-http will fallback
+    -- to the global proxy options
     local options = {
       scheme = scheme,
       host = host,
-      port = port
+      port = port,
+      proxy_opts = {}
     }
     if scheme == 'https' then
         options.ssl_server_name = host

diff --git a/t/http-proxy.t b/t/http-proxy.t
@@ -2083,3 +2083,46 @@ qr/a client request body is buffered to a temporary file/
 --- grep_error_log_out
 a client request body is buffered to a temporary file
 --- user_files fixture=tls.pl eval
+
+
+
+=== TEST 36: APIcast should not ingore NO_PROXY, when HTTP_PROXY and HTTPS_PROXY are also set
+It connects directly to backened and forwards request to the upstream via proxy.
+--- env random_port eval
+(
+  'http_proxy' => $ENV{TEST_NGINX_HTTP_PROXY},
+  'no_proxy' => '127.0.0.1,localhost,test_backend',
+)
+--- configuration
+{
+  "services": [
+    {
+      "id": 42,
+      "backend_version":  1,
+      "proxy": {
+        "api_backend": "http://test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT/",
+        "proxy_rules": [
+          { "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
+        ]
+      }
+    }
+  ]
+}
+--- backend
+  server_name test_backend.lvh.me;
+  location /transactions/authrep.xml {
+    content_by_lua_block {
+      ngx.exit(ngx.OK)
+    }
+  }
+--- upstream
+  server_name test-upstream.lvh.me;
+  location / {
+     echo 'yay, api backend: $http_host';
+  }
+--- request
+GET /?user_key=value
+--- response_body env
+yay, api backend: test-upstream.lvh.me:$TEST_NGINX_SERVER_PORT
+--- error_code: 200
+--- no_error_log