Proxy causes an infinite loop when the redirected URI is a targeted for a local function or proxy

which doesn't exist

#2402

Author: safihamid

src/WebJobs.Script.WebHost/ProxyFunctionExecutor.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Threading;
@@ -55,6 +56,27 @@ public async Task ExecuteFuncAsync(string funcName, Dictionary<string, object> a
                 return await functionRequestInvoker.ProcessRequestAsync(req, ct, _scriptHostManager, _webHookReceiverManager);
             };
 
+            // Local Function calls do not go thru ARR, so implementing the ARR's MAX-FORWARDs header logic here to avoid infinte redirects.
+            IEnumerable<string> values = null;
+            int redirectCount = 0;
+            if (request.Headers.TryGetValues(ScriptConstants.AzureProxyFunctionLocalRedirectHeaderName, out values))
+            {
+                int.TryParse(values.FirstOrDefault(), out redirectCount);
+
+                if(redirectCount >= ScriptConstants.AzureProxyFunctionMaxLocalRedirects)
+                {
+                    response = request.CreateErrorResponse(HttpStatusCode.BadRequest, "Infinite loop detected when trying to call a local function or proxy from a proxy.");
+                    request.Properties[ScriptConstants.AzureFunctionsHttpResponseKey] = response;
+                    return;
+                }
+
+                // This is to make sure the header is properly updated. removing it then adding it with updated count.
+                request.Headers.Remove(ScriptConstants.AzureProxyFunctionLocalRedirectHeaderName);
+            }
+
+            redirectCount++;
+            request.Headers.Add(ScriptConstants.AzureProxyFunctionLocalRedirectHeaderName, redirectCount.ToString());
+
             var resp = await _scriptHostManager.HttpRequestManager.ProcessRequestAsync(request, processRequestHandler, cancellationToken);
             request.Properties[ScriptConstants.AzureFunctionsHttpResponseKey] = resp;
             return;

src/WebJobs.Script/ScriptConstants.cs

@@ -63,6 +63,9 @@ public static class ScriptConstants
         public const string DynamicSku = "Dynamic";
         public const string DefaultProductionSlotName = "production";
 
+        public const string AzureProxyFunctionLocalRedirectHeaderName = "X_PROXY_LOCAL_REDIRECT_COUNT";
+        public const int AzureProxyFunctionMaxLocalRedirects = 10;
+
         public const string FeatureFlagDisableShadowCopy = "DisableShadowCopy";
         public const string FeatureFlagsEnableDynamicExtensionLoading = "EnableDynamicExtensionLoading";
 

test/WebJobs.Script.Tests.Integration/ProxyEndToEndTests.cs

@@ -73,6 +73,16 @@ public async Task LocalFunctionCall()
             Assert.Equal("Pong", content);
         }
 
+        [Fact]
+        public async Task LocalFunctionInfiniteRedirectTest()
+        {
+            HttpResponseMessage response = await _fixture.HttpClient.GetAsync($"api/myloop");
+
+            string content = await response.Content.ReadAsStringAsync();
+            Assert.Equal("400", response.StatusCode.ToString("D"));
+            Assert.True(content.Contains("Infinite loop"));
+        }
+
         [Fact]
         public async Task LocalFunctionCallWithoutProxy()
         {

test/WebJobs.Script.Tests.Integration/TestScripts/Proxies/proxies.json

@@ -69,7 +69,7 @@
     "catchAllRoutes": {
       "matchCondition": {
         "route": "/proxy/{*path}",
-        "methods": ["GET", "POST"]
+        "methods": [ "GET", "POST" ]
       },
       "backendUri": "http://localhost/{path}",
       "requestOverrides": {
@@ -105,6 +105,12 @@
       "requestOverrides": {
         "backend.request.headers.accept": "text/plain"
       }
+    },
+    "ProxyAvoidInfiniteRedirect": {
+      "matchCondition": {
+        "route": "/api/{*path}"
+      },
+      "backendUri": "https://localhost/api/{path}"
     }
   }
 }