Allow proxy configuration #160

Closed
kdgregory opened this issue Jan 12, 2022 · 1 comment
kdgregory (Owner) commented Jan 12, 2022

At the time this library was first developed, I wasn't that concerned about proxies. Plus, AWS added support for proxy configuration via system properties at around the same time, and I figured that it was better to have a single method of configuration for the entire application, rather than explicitly configuring the logging library.

Recently, however, I've been looking at proxies as a way to mitigate attacks like Log4Shell, and have realized that the proxy configuration for the Java SDK is a hot mess: v2 just added support for system properties in November 2021, and attaches different meanings to the properties (in v1, you use http.proxyXXX for HTTP connections and https.proxyXXX for HTTPS; v2 uses http.proxyXXX for both). And neither of them documents how to configure a proxy. It's enough to make one switch to Python.

I plan to implement with a single proxyUrl configuration variable for each appender, which takes the form http://[user[:password]@host[:port], which matches the format used by the environment variables (HTTP_PROXY, HTTPS_PROXY) that are supported by the v1 SDK. This will allow v2 users to do a simple environment substitution.

@kdgregory kdgregory self-assigned this Jan 12, 2022
kdgregory (Owner, Author) commented

I've implemented this twice, once with a configuration parameter (doesn't work for auxiliary clients without a lot of hacking), and once using an environment variable (which works everywhere, but is ugly). I don't like either of the implementations.

Plus, after doing some real-world work with proxies, I don't think they're the right way to solve the Log4Shell problem, because they require the application to explicitly configure every client that it creates, for every purpose (including APIs for other external services). A better solution, IMO, is to use a Network Firewall in front of a NAT.

I'll be updating the docs, and leaving the development branches in case I need to grab something from them, but don't plan to proceed further with this ticket.

@kdgregory kdgregory pinned this issue May 29, 2022
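
The proxyUrl format proposed in the first comment embeds credentials in the URL, so whatever parses it should validate the scheme and host and keep the password out of logs and error messages. The sketch below is an added example, not code from the issue or from the library; the class name `ProxyUrl`, the acceptance of an `https` scheme, the default-port fallback and the sample host are assumptions, and it needs Java 10 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Hypothetical helper, not part of the library: parses the proxyUrl form described in the issue.
public final class ProxyUrl {
    public final String scheme, host, username, password; // username/password null when absent
    public final int port;
    private ProxyUrl(String scheme, String host, int port, String username, String password) {
        this.scheme = scheme; this.host = host; this.port = port;
        this.username = username; this.password = password;
    }

    public static ProxyUrl parse(String value) {
        URI uri;
        try { uri = new URI(value.trim()); }
        catch (URISyntaxException ex) { // never echo the raw value: it may carry a password
            throw new IllegalArgumentException("proxy URL is not a valid URI");
        }
        boolean https = "https".equalsIgnoreCase(uri.getScheme());
        if (!https && !"http".equalsIgnoreCase(uri.getScheme()))
            throw new IllegalArgumentException("proxy URL scheme must be http or https");
        if (uri.getHost() == null)
            throw new IllegalArgumentException("proxy URL has no usable host");
        // Assumption: fall back to the scheme's default port when none is given.
        int port = uri.getPort() != -1 ? uri.getPort() : (https ? 443 : 80);
        String user = null, pass = null;
        String raw = uri.getRawUserInfo();
        if (raw != null) {
            int sep = raw.indexOf(':'); // only the first colon separates user from password
            user = decode(sep < 0 ? raw : raw.substring(0, sep));
            pass = sep < 0 ? null : decode(raw.substring(sep + 1));
        }
        return new ProxyUrl(https ? "https" : "http", uri.getHost(), port, user, pass);
    }

    // Percent-decode; URLDecoder treats '+' as a space, so protect a literal '+' first.
    private static String decode(String s) {
        return URLDecoder.decode(s.replace("+", "%2B"), StandardCharsets.UTF_8);
    }
    @Override public String toString() { // safe for logs: the password is masked
        String cred = username == null ? "" : username + (password == null ? "" : ":***") + "@";
        return scheme + "://" + cred + host + ":" + port;
    }
    public static void main(String[] args) { // constructed sample values
        System.out.println(parse("http://svc:p%40ss%3Aw0rd@proxy.example.com:3128"));
        System.out.println(parse("http://proxy.example.com"));
    }
}
```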