Setting a HTTP Proxy and Products = 403 Forbidden

Problem:
Setting a HTTP Proxy and Products = 403 Forbidden

When I set a global “HTTP(S) Proxy” in Settings and then go to Products, I get the (403 Forbidden) error. If I then add the hostname of the foreman instance I am using into the “HTTP(S) proxy except hosts” array, I can access Products but the proxy doesn’t work. I assume its not working because basically I am setting a proxy and then telling Foreman to ignore itself. Noted in the Description: “Set hostnames to which requests are not to be proxied. Requests to the local host are excluded by default.” ← that doesn’t seem to be the case.

Expected outcome:
Able to access Products and create new repositories while having a Global Proxy defined.

Foreman and Proxy versions:

foreman-1.18.2-1.el7.noarch
foreman-proxy-1.18.2-1.el7.noarch

Foreman and Proxy plugin versions:

katello-3.7.0-4.el7.noarch
tfm-rubygem-foreman_bootdisk-12.0.0-2.fm1_18.el7.noarch
tfm-rubygem-foreman_discovery-12.0.2-1.fm1_18.el7.noarch
tfm-rubygem-foreman_docker-4.1.0-1.fm1_18.el7.noarch
tfm-rubygem-foreman_openscap-0.10.2-1.fm1_18.el7.noarch
tfm-rubygem-foreman_remote_execution-1.5.6-1.fm1_18.el7.noarch
tfm-rubygem-foreman_remote_execution_core-1.1.2-2.el7.noarch
tfm-rubygem-foreman-tasks-0.13.4-1.fm1_18.el7.noarch
tfm-rubygem-foreman-tasks-core-0.2.5-1.fm1_18.el7.noarch
tfm-rubygem-foreman_templates-6.0.3-1.fm1_18.el7.noarch
tfm-rubygem-foreman_virt_who_configure-0.2.2-1.fm1_18.el7.noarch

Other relevant data:

Sep 22 14:44:34 foreman pulp: kombu.transport.qpid:INFO: Connected to qpid with SASL mechanism ANONYMOUS
Sep 22 14:44:35 foreman pulp: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._queue_reserved_task[9466b99e-7116-4d9b-8f97-9c23671e95d4]
Sep 22 14:44:35 foreman pulp: celery.worker.strategy:INFO: Received task: pulp.server.managers.repo.sync.sync[849cfd38-88df-4f1e-b113-62565d92793f]
Sep 22 14:44:35 foreman pulp: celery.app.trace:INFO: [9466b99e] Task pulp.server.async.tasks._queue_reserved_task[9466b99e-7116-4d9b-8f97-9c23671e95d4] succeeded in 0.0311414339958s: None
Sep 22 14:44:35 foreman pulp: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._release_resource[87ff0d9a-1db9-425a-8f9e-20618cfd2544]
Sep 22 14:44:35 foreman pulp: pulp_rpm.plugins.importers.yum.sync:INFO: [849cfd38] Downloading metadata from http://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/.
Sep 22 14:44:35 foreman pulp: requests.packages.urllib3.connectionpool:INFO: Starting new HTTP connection (1): yum.oracle.com
Sep 22 14:44:41 foreman pulp: requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=4, connect=4, read=5, redirect=None)) after connection broken by 'ConnectTimeoutError(<requests.packages.urllib3.connection.HTTPConnection object at 0x7f80900bf650>, 'Connection to yum.oracle.com timed out. (connect timeout=6.05)')': /repo/OracleLinux/OL7/latest/x86_64/repodata/repomd.xml

Try to set your Foreman FQDN (or internal capsule FQDN) among ignored, it doesn’t use localhost for these API queries because of SSL certificates I think. Although I thought FQDN is also added automatically.

Yeah I did that and the results were the same. It seems when you add the FQDN to the exclusion list. its as if the proxy is ignored by Foreman because its excluding itself. What did end up working was using the --katello-proxy-url and --katello-proxy-port arguments for foreman-installer. Sure that works and my initial issue is resolved BUT, the reason for me posting this is because ideally, using the Web UI to set the http proxy in settings should work all the same and from my experience here, it is not.