Frequent 400 Bad Request #586
Comments
@jseiser these logs don't show any requests for a session start initiated by your nginx config would be helpful as well. Please consult the README and adjust as necessary.
I thought I did, sorry. The original post now contains the nginx config. I'll try to figure out what you want for those logs, and get that attached.
That is a fascinating There's certainly a lot going on there. Did you evaluate VP with a simpler setup? If you test with a simpler nginx and VP setup does the behavior improve? With rate limiting, lua and That said, I'm happy to look at your logs when you're able to offer them.
Even before this site went live, so a much more basic config, same issues. I can remove the rate limiting, but that's a really high limit. The mod security is running in Of course, when I turn on test mode, it works a hell of a lot more often than when I disable it. So I will def. remove the rate limit just in case. All of the lua stuff you see is just default from the nginx-ingress, nothing special done on our side. Edit: no change with the RPS disabled.
https://gist.github.com/jseiser/a421b91492fad7c5b880a85335c10360 I know it's not debug/test enabled, but I was able to find a log that showed /validate and /login that resulted in not being able to access the UI. Sorry for being dense, but if I enable test mode, can you elaborate on what you want me to click on? /validate, and /login and then the next URL present for the redirect?
Describe the problem
Provider: Okta
Vouch protected sites will return multiple 400 Bad Request
x-vouch-error /auth Invalid session state: stored %!s(<nil>), returned o3cS6I84ssMKwdvrZ88HIg1poO4dq0K
or when test is disabled
x-vouch-error /auth securecookie: the value is not valid: could not find session store VouchSession
If you retry a few times, you will eventually get through to the protected site.
Expected behavior
I would expect to pass through to the site every time.
Desktop (please complete the following information):
Additional context
Vouch runs in kubernetes, with nginx ingress handling the various routing.
Here are debug logs, with test true. I got the 400, then on the second time, got through to my app.
https://gist.github.com/jseiser/78a1efafeff05621c3d47b62adcd9f78
My ENV Vars look like this
https://gist.github.com/jseiser/eb994613a32aeca80730edaf44a5ff80
NGINX Config
https://gist.github.com/jseiser/eff62e17c6f0064c73ffc86798975237
Ingress
https://gist.github.com/jseiser/d76815dda8c1f019ece3532275804eb3