Fix whitelist and XFF.
This commit is contained in:
parent
667a0c41ed
commit
edb5b3d711
8 changed files with 187 additions and 65 deletions
|
@ -11,20 +11,20 @@ import (
|
|||
|
||||
// NewHeaderRewriter Create a header rewriter
|
||||
func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {
|
||||
IPs, err := whitelist.NewIP(trustedIPs, insecure, true)
|
||||
ips, err := whitelist.NewIP(trustedIPs, insecure, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
h, err := os.Hostname()
|
||||
hostname, err := os.Hostname()
|
||||
if err != nil {
|
||||
h = "localhost"
|
||||
hostname = "localhost"
|
||||
}
|
||||
|
||||
return &headerRewriter{
|
||||
secureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: h},
|
||||
insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: h},
|
||||
ips: IPs,
|
||||
secureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: hostname},
|
||||
insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: hostname},
|
||||
ips: ips,
|
||||
insecure: insecure,
|
||||
}, nil
|
||||
}
|
||||
|
@ -37,16 +37,17 @@ type headerRewriter struct {
|
|||
}
|
||||
|
||||
func (h *headerRewriter) Rewrite(req *http.Request) {
|
||||
authorized, _, err := h.ips.IsAuthorized(req)
|
||||
if h.insecure {
|
||||
h.insecureRewriter.Rewrite(req)
|
||||
return
|
||||
}
|
||||
|
||||
err := h.ips.IsAuthorized(req)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
h.secureRewriter.Rewrite(req)
|
||||
return
|
||||
}
|
||||
|
||||
if h.insecure || authorized {
|
||||
h.secureRewriter.Rewrite(req)
|
||||
} else {
|
||||
h.insecureRewriter.Rewrite(req)
|
||||
}
|
||||
h.insecureRewriter.Rewrite(req)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue