Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added TrustedProxies parameter #339

Open
wants to merge 21 commits into
base: unstable
Choose a base branch
from
Open

Added TrustedProxies parameter #339

wants to merge 21 commits into from

Conversation

InterN0te
Copy link
Contributor

@InterN0te InterN0te commented Oct 9, 2024
edited
Loading

Added TrustedProxies parameter in settings :

image

For requests from these IPs, the shield will use the IP in X-Forwarded-For (if defined) to identify the client to block and thus avoid blocking the proxy server IP
image

image

@cla-bot cla-bot bot added the cla-signed label Oct 9, 2024
@InterN0te InterN0te marked this pull request as draft October 14, 2024 15:02
InterN0te and others added 2 commits October 14, 2024 18:15
@InterN0te
Apply Real IP in BannedIPs and Blockers
5c63102 
Added the real client IP as ClientID in Context and used this for IP abuse count/block/ban
@InterN0te
Removed Debug line
594b5e4
@InterN0te
Copy link
Contributor Author

Added the real client IP as ClientID in Context and used this for IP abuse count/block/ban :

func ClientRealIP(next http.Handler) 

func ClientRealIP(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clientID := GetClientIP(r)
		if(clientID == ""){
			http.Error(w, "Invalid request", http.StatusBadRequest)
			return
		}

		ctx := context.WithValue(r.Context(), "ClientID", clientID)
		r = r.WithContext(ctx)

        next.ServeHTTP(w, r)
    })
}

Use Real Client IP 

func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			ip, ok := r.Context().Value("ClientID").(string)
			if !ok {
				http.Error(w, "Invalid request", http.StatusBadRequest)
				return
			}
[...]
}

image

image

(103.X.X.135 is my trusted proxy that can no longer be blocked)

@InterN0te InterN0te marked this pull request as ready for review October 14, 2024 20:38
azukaar
azukaar requested changes Oct 15, 2024
View reviewed changes
src/proxy/shield.go Outdated Show resolved Hide resolved
src/proxy/shield.go Outdated Show resolved Hide resolved
src/utils/utils.go Outdated Show resolved Hide resolved
src/utils/utils.go Show resolved Hide resolved
@InterN0te
Remove duplicated code
6fc014b 
Using IPInRange in IsTrustedProxy
SplitIP put back in shield (this is not a problem with a standard forwarded-for header)
Modified IPInRange to allow comparison of 2 valid IPs
InterN0te
InterN0te commented Oct 15, 2024
View reviewed changes
Copy link
Contributor Author

@InterN0te InterN0te left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using IPInRange in IsTrustedProxy
SplitIP put back in shield (this is not a problem with a standard forwarded-for header)
Modified IPInRange to allow comparison of 2 valid IPs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azukaar azukaar azukaar requested changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@InterN0te @azukaar