mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-02 17:58:46 +00:00
XHTTP & WS & HU & gRPC servers: Require sockopt.trustedXForwardedFor (#6309)
https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4663652131 Behavior: https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4746598275 Replaces https://github.com/XTLS/Xray-core/pull/6159
This commit is contained in:
@@ -155,17 +155,6 @@ func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Req
|
||||
return
|
||||
}
|
||||
|
||||
var forwardedAddrs []net.Address
|
||||
if h.socketSettings != nil && len(h.socketSettings.TrustedXForwardedFor) > 0 {
|
||||
for _, key := range h.socketSettings.TrustedXForwardedFor {
|
||||
if len(request.Header.Values(key)) > 0 {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
}
|
||||
var remoteAddr net.Addr
|
||||
var err error
|
||||
remoteAddr, err = net.ResolveTCPAddr("tcp", request.RemoteAddr)
|
||||
@@ -181,12 +170,11 @@ func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Req
|
||||
Port: remoteAddr.(*net.TCPAddr).Port,
|
||||
}
|
||||
}
|
||||
if len(forwardedAddrs) > 0 && forwardedAddrs[0].Family().IsIP() {
|
||||
remoteAddr = &net.TCPAddr{
|
||||
IP: forwardedAddrs[0].IP(),
|
||||
Port: 0,
|
||||
}
|
||||
var trustedXFF []string
|
||||
if h.socketSettings != nil {
|
||||
trustedXFF = h.socketSettings.TrustedXForwardedFor
|
||||
}
|
||||
remoteAddr = http_proto.ApplyTrustedXForwardedFor(request.Header, trustedXFF, remoteAddr)
|
||||
|
||||
var currentSession *httpSession
|
||||
if sessionId != "" {
|
||||
|
||||
@@ -88,6 +88,9 @@ func TestDialWithRemoteAddr(t *testing.T) {
|
||||
ProtocolSettings: &Config{
|
||||
Path: "sh",
|
||||
},
|
||||
SocketSettings: &internet.SocketConfig{
|
||||
TrustedXForwardedFor: []string{"X-Forwarded-For"},
|
||||
},
|
||||
}, func(conn stat.Connection) {
|
||||
go func(c stat.Connection) {
|
||||
defer c.Close()
|
||||
|
||||
Reference in New Issue
Block a user