-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[2.1.5] Upload BlockBlob doesn't use proxy, and a risk of HttpProxy #364
Comments
@yuxisun1217 Thank you for finding this. We'll address it in v2.1.7. |
There are some additional details in the Bugzilla bug, listing here as well: Description of problem:"HttpProxy" configuration in /etc/waagent.conf doesn't work. The waagent connect to Azure Server directly. Version-Release number of selected component (if applicable): RHEL Version: How reproducible: Steps to Reproduce:
Can download index.html successfully.
Actual results:Client VM: Can catch packages sent by waagent. Expected results:Squid VM: Can capture upload blob packages at proxy. Additional info:
|
fix is merged, closing |
Hi @hglkrijger , I install the v2.1.6.8 and try to verify this. It seems that if I set HttpProxy, waagent cannot send blob status. Could you please help to check this? Thanks! OS: RHEL-7.3 internal build /var/log/waagent.log: |
@yuxisun1217 - could you provide your /etc/waagent.conf? It looks like perhaps the port is not configured correctly. |
Hi @hglkrijger , My proxy configuration is:
|
Thanks @yuxisun1217, I will investigate further. |
Thanks Hans! I change the "conf.get" to "conf.get_int" follow your fix #451 and it works well now. :) I'll verify it again in v2.1.7. |
Great, thanks @yuxisun1217. |
Hi,
In 2.1.5, it seems that the put block/page blob request doesn't use proxy(wire.py Line 390 and 410), which do use proxy in 2.0.16. Is it a change or an issue? I'm not quite sure if it is necessary to use proxy.
And there might be a risk of the connection between WALA and Azure Server(168.63.129.16). If I configure a Network Security Group, add rules like this:
The rules only allow proxy server(172.20.0.254:3128) and deny all others. So that the WALA fails to connect to Azure Server even if enable HttpProxy(Because some of the wala http requests never use proxy). I know this is not a good policy but at least the Azure Portal doesn't forbidden customers to do that and even has no warning messages on UI...
Is there any reason that cannot let all the wala http request use proxy if enable HttpProxy in waagent.conf?(Perhaps when proxy service and the client VM are in different regions? I guess)
The text was updated successfully, but these errors were encountered: