Feature #7586 » 0002-Configurable-trustedProxies-minor-fixes.patch
| src/web/Configuration.C | ||
|---|---|---|
|
bool Configuration::isTrustedProxy(const std::string &ipAddress) const {
|
||
|
READ_LOCK;
|
||
|
if (behindReverseProxy_) {
|
||
|
if (!behindReverseProxy_) {
|
||
|
return false;
|
||
|
}
|
||
|
AsioWrapper::error_code ec;
|
||
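Review bot: The early return at `if (!behindReverseProxy_)` has no comment saying that the function deliberately fails closed when the server is not behind a reverse proxy. I would add `// Not behind a reverse proxy: forwarded headers are never honoured, so no address is trusted.` above the guard. The rest of isTrustedProxy, from `AsioWrapper::error_code ec;` onward, lies outside the hunk. If the parse of `ipAddress` that presumably follows can set `ec`, that path should also return false so a malformed entry is never treated as a trusted proxy; this cannot be confirmed from the visible lines.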
| src/web/WebRequest.C | ||
|---|---|---|
|
for (auto it = forwardedIps.rbegin();
|
||
|
it != forwardedIps.rend(); ++it) {
|
||
|
boost::trim(*it);
|
||
|
if (!it->empty() && !conf.isTrustedProxy(*it)) {
|
||
|
return *it;
|
||
|
if (!it->empty()) {
|
||
|
if (!conf.isTrustedProxy(*it)) {
|
||
|
return *it;
|
||
|
}
|
||
|
else {
|
||
|
/*
|
||
|
* When the left-most address in a forwardedHeader is contained
|
||
|
* within a trustedProxy subnet, it should be returned as the clientAddress
|
||
|
*/
|
||
|
remoteAddr = *it;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
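Review bot: Both `return *it;` and the new `remoteAddr = *it;` hand back a trimmed X-Forwarded-For token, and nothing in this hunk checks that it is a well-formed IP address. A client-supplied token that `isTrustedProxy` does not recognise would presumably be reported verbatim as the client address. Validating the token, or skipping entries that fail to parse, would keep arbitrary header text out of logs and address-based decisions; how `isTrustedProxy` treats unparsable input is not visible here. The block comment also sits on an assignment that runs for every trusted hop, not only the left-most one, so I would reword it to `// Trusted hop: remember it, so that if every entry is trusted the left-most one becomes the client address.` The enclosing function is outside the hunk, including the declaration of `remoteAddr` and any check that the directly connected peer is itself a trusted proxy.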
| test/http/HttpClientServerTest.C | ||
|---|---|---|
|
}
|
||
|
}
|
||
|
#endif // WT_THREADED
|
||
|
BOOST_AUTO_TEST_CASE( http_client_address_forward_for_includes_us_on_subnet )
|
||
|
{
|
||
|
Server server;
|
||
|
server.resource().clientAddressTest();
|
||
|
server.configuration().setBehindReverseProxy(true);
|
||
|
server.configuration().setTrustedProxies({
|
||
|
Configuration::Network::fromString("127.0.0.0/8"),
|
||
|
Configuration::Network::fromString("198.51.100.0/24"),
|
||
|
Configuration::Network::fromString("203.0.113.0/24")
|
||
|
});
|
||
|
if (server.start()) {
|
||
|
Client client;
|
||
|
std::vector<Http::Message::Header> headers {
|
||
|
{"X-Forwarded-For", "127.0.0.10, 203.0.113.1, 198.51.100.1"},
|
||
|
};
|
||
|
client.get("http://" + server.address() + "/test", headers);
|
||
|
client.waitDone();
|
||
|
BOOST_REQUIRE(!client.err());
|
||
|
BOOST_REQUIRE(client.message().status() == 200);
|
||
|
// Should get IP address from X-Forwarded-For
|
||
|
BOOST_REQUIRE(client.message().body() == "127.0.0.10");
|
||
|
}
|
||
|
}
|
||
|
#endif // WT_THREADED
|
||
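Review bot: The new test case wraps all of its assertions in `if (server.start()) {`, so a server that fails to start lets the case pass without checking anything; `BOOST_REQUIRE(server.start());` would surface that failure. The case also covers only a header in which every hop lies in a trusted subnet. A companion case with an address outside the configured networks in the middle of the list would pin the behaviour that matters for spoofing resistance, unless one already exists elsewhere in the file. The comment `// Should get IP address from X-Forwarded-For` could state that the left-most entry is expected because all three hops are trusted.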