
So I had a working mTLS service mesh until one of the services got updated with some header manipulation logic. This logic was getting the headers from the request the service got, and then adding those headers to the request this service was making to another one.

With this logic in place, mTLS was broken between this service and the next one, and if I activate PERMISSIVE mode, the connection works as usual.

So then I went to this service’s container and did a curl request to the next service, but without the Host header, and the request came through.

So, same request, just that without the Host header mTLS works, and with the Host header it doesn’t.

I would like to know the reason why this happens. Is it related to mTLS and how both services are trusting each other?

Thanks

codiaf
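An added example, not part of the original post: one way the header-copying logic described in the question could skip `Host` and hop-by-hop headers, so that the HTTP client derives `Host` from the outbound URL instead of reusing the inbound one. The function name, the service name and the header values are assumptions constructed for illustration.

```python
# Added example: sanitize inbound headers before reusing them on an outbound call.
# Service names and header values below are constructed for illustration.

# Hop-by-hop headers (RFC 7230 section 6.1) are meaningful for one connection only.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}
# Headers that describe the inbound request itself, not the outbound one.
# Host names the service that received the request, not the next service.
REQUEST_SPECIFIC = {"host", "content-length"}


def outbound_headers(inbound):
    """Return (forwarded, dropped) for a dict of inbound request headers."""
    # Any header named inside the Connection header is hop-by-hop as well.
    listed = {
        token.strip().lower()
        for name, value in inbound.items() if name.lower() == "connection"
        for token in value.split(",") if token.strip()
    }
    blocked = HOP_BY_HOP | REQUEST_SPECIFIC | listed
    forwarded, dropped = {}, []
    for name, value in inbound.items():
        if name.lower() in blocked:
            dropped.append(name)  # keep the names so they can be logged
        else:
            forwarded[name] = value
    return forwarded, sorted(dropped, key=str.lower)


if __name__ == "__main__":
    # Constructed inbound request as received by a hypothetical "service-a".
    inbound = {
        "Host": "service-a.default.svc.cluster.local",
        "Connection": "keep-alive, X-Internal-Hop",
        "Keep-Alive": "timeout=5",
        "X-Internal-Hop": "1",
        "Content-Length": "42",
        "x-request-id": "constructed-request-id",
        "x-b3-traceid": "constructed-trace-id",
    }
    forwarded, dropped = outbound_headers(inbound)
    print("forwarded:", forwarded)
    print("dropped:  ", dropped)
```

Logging the dropped names on each call shows exactly which inbound headers the forwarding logic would otherwise have sent to the next service.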

1 Answer


I think that the best way to approach this issue would be to analyze the differences between services' versions before and after the header manipulation logic.

In order to dump the request headers, you can use the helper httpbin server from the official Istio docs here.

You can find more info regarding how to use it here.

Please let me know if that helped.

Wytrzymały Wiktor