hashicorp / hc-install

Go module for downloading or locating HashiCorp binaries, verifying signatures and checksums, and asserting version constraints.

Home Page: https://pkg.go.dev/github.com/hashicorp/hc-install

Consider Ability to Append to HTTP User-Agent Header

bflad opened this issue

Description

Implementors may wish to append their own HTTP User-Agent header data, e.g. hashicorp/terraform-plugin-sdk#682

In terraform-plugin-sdk's acceptance testing case, we'd automatically append information about the SDK and include the conventional TF_APPEND_USER_AGENT environment variable value.

If I recall correctly, a main practitioner use case for this was with enterprise Intrusion Detection Systems (IDS) which either log the header or filter based on the header for all outgoing HTTP requests on a corporate network.

I have some (limited) experience with proxies, but I'd love some more insight into how this would work in practice?

Is the idea that all requests go through a proxy and the machine running TF provider tests has a self-signed SSL cert installed for HashiCorp domains, so that the proxy can actually intercept the SSL-encrypted traffic, including the headers (since both endpoints are HTTPS)?

It sounds like a pretty expensive way of controlling the traffic, when the hostname can be effectively checked (assuming they also control the DNS) without having to decrypt anything, let alone the amount of false alarms checking User-Agent would likely produce, but I may be misunderstanding some crucial details.

That is to say I am not objecting to a customizable User-Agent 😄 I'm just really curious about the real-life use case and usefulness of this.

Ah ha, hashicorp/terraform-exec#9 was for language server metrics. I don't think that would apply to this library, so I'm actually tempted to close this out, unless the folks monitoring checkpoint/releases requests might care.

Right, I think that was mainly about the runtime, e.g. requests to TFC via Terraform.

There's a point to be made about filtering downloads of products (incl. Terraform) by User-Agent, but given that this library's main use case is in automation and CI, I'm not sure how useful the resulting numbers would really be, so I am also tempted to close this.

That said - if someone comes up with a compelling use case for customizable User-Agent I'd be happy to add it!
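
An added example, not code from hc-install or from the participants in this thread: one way a Go caller could append tokens, including the TF_APPEND_USER_AGENT value mentioned in the issue, to the User-Agent through an http.RoundTripper. The product tokens, the placeholder URL and the capture type that stands in for the network are assumptions made for the illustration; hc-install's own API is not shown.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"strings"
)

// BuildUserAgent joins non-empty tokens with single spaces. Control characters
// (CR, LF), which net/http's transport rejects in headers, act as separators.
func BuildUserAgent(tokens ...string) string {
	var parts []string
	for _, t := range tokens {
		parts = append(parts, strings.FieldsFunc(t, func(r rune) bool {
			return r <= ' ' || r == 0x7f // split on spaces and control characters
		})...)
	}
	return strings.Join(parts, " ")
}

// uaTransport sets the User-Agent on a copy of each outgoing request.
type uaTransport struct {
	next http.RoundTripper
	ua   string
}

func (t uaTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	r.Header.Set("User-Agent", t.ua)
	return t.next.RoundTrip(r)
}

// capture stands in for the network and records the header it is handed.
type capture struct{ seen string }

func (c *capture) RoundTrip(r *http.Request) (*http.Response, error) {
	c.seen = r.UserAgent()
	return &http.Response{StatusCode: 200, Body: http.NoBody, Request: r}, nil
}

func main() { // example-installer is a hypothetical product token
	wire := &capture{}
	ua := BuildUserAgent("example-installer/0.1.0", os.Getenv("TF_APPEND_USER_AGENT"))
	c := &http.Client{Transport: uaTransport{next: wire, ua: ua}}
	_, err := c.Get("https://releases.example.invalid/") // placeholder, never dialled
	fmt.Println(wire.seen, err)
}
```

An unset or empty TF_APPEND_USER_AGENT adds nothing, and a value containing a line break ends up as ordinary space-separated tokens in the one header that a proxy or IDS would log.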