Hi there,
I have a use case where a request is sent by Azure App Gateway (APW) to Istio.
Problem Statement:
The flow of the request is like below
User AGW (test.abc.com) [overriding the backend hostname] Istio (sandpit.abc.com)
This is what is I see in “istio-ingressgateway” pod’s log
[2021-06-16T18:24:10.794Z] "GET /online/api/health HTTP/1.1" 404 NR "-" 0 0 0 - "10.xxx.xx.36" "-" "c5571349-6ea1-4745-8a9f-13a542c42b25" "test.abc.com" "-" - - 10.xxx.9.118:8443 10.xxx.xx.36:30099 sandpit.abc.com -
It looks like the handshake happens on host SNI “sandpit.abc.com” and Authority is being passed as “test.abc.com”. This might confuse Istio in the selection of Virtual Services hence 404 NR
Setup:
- Gateway is configured to handle both hosts test.abc.com and sandpit.abc.com
- Virtual Service is configured to handle both hosts test.abc.com and sandpit.abc.com
When a request is sent directly to
- test.abc.com - Works
- sandpit.abc.com - Works
- AGW (sandpit.abc.com) Istio (sandpit.abc.com) - works
Inference:
When “AUTHORITY” and “REQUESTED_SERVER_NAME” are same Istio responds with HTTP 200 else HTTP 404
Question:
Is there any way to modify “REQUESTED_SERVER_NAME” before the request is processed by Istio? or is there any solution to make this setup work