mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-06-27 07:23:13 +00:00
Meow
711aea4e34
https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4663652131 Behavior: https://github.com/XTLS/Xray-core/pull/6258#issuecomment-4746598275 Replaces https://github.com/XTLS/Xray-core/pull/6159
85 lines
2.4 KiB
Go
85 lines
2.4 KiB
Go
package http
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/xtls/xray-core/common/errors"
|
|
"github.com/xtls/xray-core/common/net"
|
|
)
|
|
|
|
// ApplyTrustedXForwardedFor returns remoteAddr overridden by X-Forwarded-For only when a configured trusted header is present.
|
|
func ApplyTrustedXForwardedFor(header http.Header, trusted []string, remoteAddr net.Addr) net.Addr {
|
|
value := header.Get("X-Forwarded-For")
|
|
if value == "" {
|
|
return remoteAddr
|
|
}
|
|
for _, t := range trusted {
|
|
if len(header.Values(t)) > 0 {
|
|
if idx := strings.IndexByte(value, ','); idx >= 0 {
|
|
value = value[:idx]
|
|
}
|
|
if addr := net.ParseAddress(value); addr.Family().IsIP() {
|
|
return &net.TCPAddr{
|
|
IP: addr.IP(),
|
|
Port: 0,
|
|
}
|
|
}
|
|
return remoteAddr
|
|
}
|
|
}
|
|
if len(trusted) == 0 {
|
|
errors.LogWarning(context.Background(), `received "X-Forwarded-For" from `, remoteAddr, ` but "sockopt.trustedXForwardedFor" is not configured; ignoring it and using the real remote address`)
|
|
} else {
|
|
errors.LogError(context.Background(), `ignored potentially forged "X-Forwarded-For" from `, remoteAddr, `: `, value)
|
|
}
|
|
return remoteAddr
|
|
}
|
|
|
|
// RemoveHopByHopHeaders removes hop by hop headers in http header list.
|
|
func RemoveHopByHopHeaders(header http.Header) {
|
|
// Strip hop-by-hop header based on RFC:
|
|
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1
|
|
// https://www.mnot.net/blog/2011/07/11/what_proxies_must_do
|
|
|
|
header.Del("Proxy-Connection")
|
|
header.Del("Proxy-Authenticate")
|
|
header.Del("Proxy-Authorization")
|
|
header.Del("TE")
|
|
header.Del("Trailers")
|
|
header.Del("Transfer-Encoding")
|
|
header.Del("Upgrade")
|
|
|
|
connections := header.Get("Connection")
|
|
header.Del("Connection")
|
|
if connections == "" {
|
|
return
|
|
}
|
|
for _, h := range strings.Split(connections, ",") {
|
|
header.Del(strings.TrimSpace(h))
|
|
}
|
|
}
|
|
|
|
// ParseHost splits host and port from a raw string. Default port is used when raw string doesn't contain port.
|
|
func ParseHost(rawHost string, defaultPort net.Port) (net.Destination, error) {
|
|
port := defaultPort
|
|
host, rawPort, err := net.SplitHostPort(rawHost)
|
|
if err != nil {
|
|
if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
|
|
host = rawHost
|
|
} else {
|
|
return net.Destination{}, err
|
|
}
|
|
} else if len(rawPort) > 0 {
|
|
intPort, err := strconv.Atoi(rawPort)
|
|
if err != nil {
|
|
return net.Destination{}, err
|
|
}
|
|
port = net.Port(intPort)
|
|
}
|
|
|
|
return net.TCPDestination(net.ParseAddress(host), port), nil
|
|
}
|