We have a Kubernetes cluster where we have some financial software running - Strands. When we are trying to access one of the pages on our frontend, the request from frontend is being sent to Kubernetes pod which should process this request.
The pod runs Tomcat and we see that the request is being rejected with the following message:
2022-10-31T10:30:46,133 INFO [UserSessionFilter.java:153] : URI :/bfm-web/config/get.action
2022-10-31T10:30:46,133 INFO [UserSessionFilter.java:154] : Remote Host :10.240.0.103
2022-10-31T10:30:46,133 INFO [UserSessionFilter.java:155] : Remote Port :41898
2022-10-31T10:30:54,295 INFO [UserSessionFilter.java:152] : Request not allowed. Just return a 403 status
2022-10-31T10:30:54,296 INFO [UserSessionFilter.java:153] : URI :/bfm-web/config/get.action
2022-10-31T10:30:54,296 INFO [UserSessionFilter.java:154] : Remote Host :10.240.0.229
2022-10-31T10:30:54,296 INFO [UserSessionFilter.java:155] : Remote Port :57206
I am not familiar with Tomcat or Java and do not really know where to look for. I tried to check web.xml file for some filter but could find any clues. Can this be related to some Kubernetes authorization settings?
Let me know what info I can share with you to help, here are some other logs and also backend uses PostgreSQL database for user data, however it seems to work well:
2022-10-27T11:16:20,751 INFO [{omitted_due_to_sec_reasons}HttpHeaderUserSessionFilter.java:71] : The header name [user.header.name] has been set to HTTP_STRANDS_USER
This one above seems interesting to me because it seems to be a custom filter which sets the filter to accept a specific header (I intentionally omitted some company info). Does anyone know where I can find these filters?
10.240.0.103 - - [28/Oct/2022:14:02:33 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 707
10.240.0.103 - - [31/Oct/2022:10:12:01 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 743
10.240.0.103 - - [31/Oct/2022:10:24:31 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 743
10.240.0.103 - - [31/Oct/2022:10:24:36 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 743
10.240.0.103 - - [31/Oct/2022:10:30:46 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 743
10.240.0.229 - - [31/Oct/2022:10:30:54 +0000] "GET /bfm-web/config/get.action HTTP/1.1" 403 743
And other:
31-Oct-2022 10:12:01.856 INFO [http-nio-8080-exec-10] org.apache.catalina.core.ApplicationContext.log Request not allowed. Just return a 403 status. URI :: /bfm-web/config/get.action
31-Oct-2022 10:24:31.966 INFO [http-nio-8080-exec-2] org.apache.catalina.core.ApplicationContext.log Request not allowed. Just return a 403 status. URI :: /bfm-web/config/get.action
31-Oct-2022 10:24:36.951 INFO [http-nio-8080-exec-3] org.apache.catalina.core.ApplicationContext.log Request not allowed. Just return a 403 status. URI :: /bfm-web/config/get.action
31-Oct-2022 10:30:46.133 INFO [http-nio-8080-exec-5] org.apache.catalina.core.ApplicationContext.log Request not allowed. Just return a 403 status. URI :: /bfm-web/config/get.action
31-Oct-2022 10:30:54.297 INFO [http-nio-8080-exec-6] org.apache.catalina.core.ApplicationContext.log Request not allowed. Just return a 403 status. URI :: /bfm-web/config/get.action
The issue was related to missing "enable-underscores-in-headers: 'true'" on Ingress NGINX controller. Adding it and restarting the pods did the magic.