Access Kibana thru Azure Application Gateway Path Based Route

Phydeauxman · May 6, 2019, 4:41pm

We are running Kibana 6.7.1 with XPACK on a VM in Azure. The VM is sitting behind an Azure Web Application Firewall (WAF). We have the WAF configured for path based routing where Kibana is accessed via https://app.mydomain.com/kibana. We also have a rewrite rule configured on the App Gateway that rewrites the Location response header from Kibana to be /kibana/{resp_http_Location}. The problem we are seeing is that Kibana keeps looping until the App Gateway shuts down the connection.

From Chrome, when we go to https://app.mydomain.com/kibana, based on our rewrite rule, the Location response header we get is /kibana/login?next=%2F. The browser then send the request to https://app.mydomain.com/kibana/login?next=%2F which Kibana responds back with a Location header value of /kibana/login?next=%2F%2Flogin%3Fnext%3D%252F. The browser then sends a request to https://app.mydomain.com/kibana/login?next=%2F%2Flogin%3Fnext%3D%2F and Kibana responds back with a Location header value of /kibana/login?next=%2F%2Flogin%3Fnext%3D%252F%252Flogin%253Fnext%253D%25252F. This goes back and forth until the App Gateway shuts down the connection.

Not sure what is causing this. Any ideas we can investigate?

joelgriffith · May 10, 2019, 3:21pm

@Phydeauxman welcome to the elastic discuss forums! My thinking is that query-string parameter of ?next might be throwing things through a loop since, when decoded, is telling Kibana to navigate to /. Without knowing the internals of how Azure's WAF works, it might be redirecting back without any authorization in place, and thus the cycle begins again.

Could you try manually setting your URL to https://app.mydomain.com/kibana/login?next=%2Fkibana and see how that responds? If you have Kibana configured to use a basePath, then you'd need to set the ?next parameter to that basePath in order to function properly. We have docs on the entirety of Kibana's configuration located here: https://www.elastic.co/guide/en/kibana/current/settings.html. Simply search for basePath to read more about it.

Let me know how it goes!

Phydeauxman · May 13, 2019, 10:26pm

Thanks @joelgriffith we were able to solve our problem using the basePath setting.

system · June 10, 2019, 10:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.