Stop reading X-Forwarded-Port
X-Forwarded-Port contains the destination port, not the source port, so it isn't useful for our purposes. Move parsing of X-Forwarded-* header fields to parseForwarded.
parent
1b49fff763
commit
927ee80da1
12
server.go
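--- a/server.go
+++ b/server.go
@@ -212,17 +212,13 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 }
 }
 
-// Only trust X-Forwarded-* header fields if this is a trusted proxy IP
+// Only trust the Forwarded header field if this is a trusted proxy IP
 // to prevent users from spoofing the remote address
 remoteAddr := req.RemoteAddr
 if isProxy {
 forwarded := parseForwarded(req.Header)
-forwardedHost := req.Header.Get("X-Forwarded-For")
-forwardedPort := req.Header.Get("X-Forwarded-Port")
 if forwarded["for"] != "" {
 remoteAddr = forwarded["for"]
-} else if forwardedHost != "" && forwardedPort != "" {
-remoteAddr = net.JoinHostPort(forwardedHost, forwardedPort)
 }
 }
 
@@ -232,7 +228,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 func parseForwarded(h http.Header) map[string]string {
 forwarded := h.Get("Forwarded")
 if forwarded == "" {
-return nil
+return map[string]string{
+"for": h.Get("X-Forwarded-For"),
+"proto": h.Get("X-Forwarded-Proto"),
+"host": h.Get("X-Forwarded-Host"),
+}
 }
 // Hack to easily parse header parameters
 _, params, _ := mime.ParseMediaType("hack; " + forwarded)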
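Review bot: The X-Forwarded-For fallback added in parseForwarded hands the raw header value back as `"for"`, and ServeHTTP then assigns it to `remoteAddr` without parsing. X-Forwarded-For is usually a comma-separated chain where only the entry appended by the trusted proxy is reliable, and `h.Get` returns only the first header line, so a client-supplied entry can become the remote address even when `isProxy` is true. The value also has no port, unlike `req.RemoteAddr` or the removed `net.JoinHostPort` result, which may break later host/port splitting (not visible in this section). I would take the last hop from `h.Values("X-Forwarded-For")` and keep it only if `net.ParseIP` accepts it, as sketched below; both function bodies continue outside the hunks.

```go
if forwarded == "" {
	// Only the last hop of the last X-Forwarded-For line was written by
	// the trusted proxy; earlier entries are client-controlled.
	var clientIP string
	if lines := h.Values("X-Forwarded-For"); len(lines) > 0 {
		hops := strings.Split(lines[len(lines)-1], ",")
		if ip := strings.TrimSpace(hops[len(hops)-1]); net.ParseIP(ip) != nil {
			clientIP = ip
		}
	}
	return map[string]string{
		"for": clientIP,
		// … unchanged: "proto" and "host" entries …
	}
}
```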