mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-03 02:08:45 +00:00
XHTTP & WS & HU & gRPC servers: Require sockopt.trustedXForwardedFor (#6309)
https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4663652131 Behavior: https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4746598275 Replaces https://github.com/XTLS/Xray-core/pull/6159
@@ -65,24 +65,12 @@ func (h *requestHandler) ServeHTTP(writer http.ResponseWriter, request *http.Req
|
||||
return
|
||||
}
|
||||
|
||||
var forwardedAddrs []net.Address
|
||||
if h.socketSettings != nil && len(h.socketSettings.TrustedXForwardedFor) > 0 {
|
||||
for _, key := range h.socketSettings.TrustedXForwardedFor {
|
||||
if len(request.Header.Values(key)) > 0 {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
forwardedAddrs = http_proto.ParseXForwardedFor(request.Header)
|
||||
}
|
||||
remoteAddr := conn.RemoteAddr()
|
||||
if len(forwardedAddrs) > 0 && forwardedAddrs[0].Family().IsIP() {
|
||||
remoteAddr = &net.TCPAddr{
|
||||
IP: forwardedAddrs[0].IP(),
|
||||
Port: int(0),
|
||||
}
|
||||
var trustedXFF []string
|
||||
if h.socketSettings != nil {
|
||||
trustedXFF = h.socketSettings.TrustedXForwardedFor
|
||||
}
|
||||
remoteAddr = http_proto.ApplyTrustedXForwardedFor(request.Header, trustedXFF, remoteAddr)
|
||||
|
||||
h.ln.addConn(NewConnection(conn, remoteAddr, extraReader, h.ln.config.HeartbeatPeriod))
|
||||
}
|
||||
|
||||
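Review bot: The call `http_proto.ApplyTrustedXForwardedFor(request.Header, trustedXFF, remoteAddr)` has no comment saying what the handler falls back to when `trustedXFF` is nil or empty, and the helper's body is not part of this hunk. Going by the commit title, the socket peer address is presumably kept in that case; a line such as `// Forwarded headers are honored only when sockopt.trustedXForwardedFor is set; otherwise remoteAddr stays conn.RemoteAddr().` above the call would make that contract visible at the call site. The removed code took `forwardedAddrs[0]`, the leftmost entry, which is client-supplied whenever the front proxy appends to the header rather than overwriting it. The helper's doc comment should therefore state which entry it selects and that the proxy must strip or overwrite the listed headers. ServeHTTP begins above this hunk.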
@@ -79,6 +79,9 @@ func TestDialWithRemoteAddr(t *testing.T) {
|
||||
ProtocolSettings: &Config{
|
||||
Path: "ws",
|
||||
},
|
||||
SocketSettings: &internet.SocketConfig{
|
||||
TrustedXForwardedFor: []string{"X-Forwarded-For"},
|
||||
},
|
||||
}, func(conn stat.Connection) {
|
||||
go func(c stat.Connection) {
|
||||
defer c.Close()
|
||||
|
||||
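Review bot: `TestDialWithRemoteAddr` now sets `TrustedXForwardedFor: []string{"X-Forwarded-For"}`, so the visible test covers only the opted-in path. Nothing in this hunk checks the case the commit is about: a request carrying `X-Forwarded-For` against a listener with no `SocketSettings`. A companion case asserting that the connection's remote address is then the socket peer rather than the header value would pin the new default, if one does not already exist elsewhere in the change. The test function's body starts and ends outside this hunk.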