Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-27411

Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log

XMLWordPrintable

      Description of problem:

      ssia

       

      How reproducible:

      always

       

      Is this issue a regression from an earlier version:

      Not a regression from an earlier version of Satellite. There were some cve fixes in apache-2.4.60, which (probably) got backported into httpd-2.4.37-65 which seems to have landed in both RHEL8 and 9. These cve fixes forbid the behavior we were relying on, unless we explicitly allow it with a flag.

      Steps to Reproduce:

      1. Enable cockpit integration

      2. Try to access web console of a host

      Actual behavior:

      403 forbidden, "AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F" in foreman-ssl_error_ssl.log

      Expected behavior:

      Web console of remote host gets displayed.{}

       

              aruzicka@redhat.com Adam Ruzicka
              aruzicka@redhat.com Adam Ruzicka
              Peter Ondrejka Peter Ondrejka
              Votes:
              3 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: