traefik icon indicating copy to clipboard operation
traefik copied to clipboard
Published 2 weeks ago verified publisher icon traefik

Support HTTP mirroring excluding body

Open MatteoPaier opened this issue 1 year ago • 3 comments

Welcome!

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.
  • [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you expect to see?

Often when mirroring HTTP request there is no need for the entire body of the request (e.g. only need the headers for logging or audit purposes).

As far as I know, when HTTP mirroring was introduced there was no support for body mirroring. When #6080 was merged, body mirroring became mandatory (with the option to omit the request if the body exceeds a specified size).

I propose a new boolean http/mirroring option (e.g. mirror-body, default true) to allow for the removal of the body from the mirrored requests. I can submit a PR if the feature could prove useful.

MatteoPaier avatar Aug 20 '24 12:08 MatteoPaier

Hey @MatteoPaier,

Thank you for the suggestion.

I can submit a PR if the feature could prove useful.

Be sure that if you open a PR, we'll evaluate it. Thanks in advance.

nmengin avatar Aug 22 '24 12:08 nmengin

Hello @MatteoPaier,

Thank you for your contribution.

Discussing again the issue with the other maintainers, we are wondering if the mirroring feature should be used to achieve this kind of use case.

Indeed, in our understanding, the primary goal of the mirroring is to replicate the same requests on alternative servers and we are wondering if a request alteration should be allowed.

Could you elaborate on your use case and explain why you cannot use the observability features provided by Traefik?

nmengin avatar Aug 26 '24 14:08 nmengin

Hi @nmengin,

My use case at the moment is to duplicate requests to get the value of some headers and take decisions based on that values. I am migrating a stack from Nginx, where the ngx_http_mirror_module (with mirror_request_body = off) was used to mirror the headers of a service to another for auditing purposes.

At the moment I'm simply mirroring the requests and ignoring the body, but this can generate a lot of unnecessary traffic.

I've looked into Traefik's access logs observability, but I feel like it does not completely apply to my use case because I need this mirroring only for some specific services, while access logs settings apply globally. Moreover, I don't thing modifying access logs to bind them to services (i.e. enable the user to specify different options for different services) is a solution here: I think access logs are better suited for observability (indeed), while in my use case the requests headers are used also to influence the state of the application.

Maybe also body truncation up to a certain length can be useful to someone, though I don't have a real use case in mind.

Additionally, in #5893 was argued the opposite:

why a mirror would need to have access to the body, since it's not meant to reply to the request anyway?

In summary, while the access logs feature provides good observability, for specific use cases requiring request headers to influence the application's state mirroring can prove useful even with request modification.

Let me know if you have any question or need any more input.

MatteoPaier avatar Aug 26 '24 15:08 MatteoPaier

Hey @MatteoPaier,

Thank you for your feedback. We have moved your PR status accordingly.

nmengin avatar Aug 29 '24 12:08 nmengin

Merged in #11032

MatteoPaier avatar Sep 02 '24 17:09 MatteoPaier