Use trusted_proxies and client_ip_headers to parse trusted client…
… IP headers.
sbruens committed Feb 8, 2025
1 parent 215f54a commit 9582c31
Showing 2 changed files with 17 additions and 9 deletions.
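--- a/outlinecaddy/examples/websocket.yml
+++ b/outlinecaddy/examples/websocket.yml
@@ -61,6 +61,12 @@ apps:
 - handler: ws2outline
 type: packet
 connection_handler: ss1
+trusted_proxies:
+source: static
+ranges:
+- 127.0.0.1
+client_ip_headers:
+- "X-Forwarded-For"
 layer4:
 servers:
 '1':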
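Review bot: The added `trusted_proxies` / `client_ip_headers` keys carry no comment saying that they decide whose `X-Forwarded-For` value the server believes, and an example file is likely to be copied into deployments where the proxy is not on loopback. A comment above the block would help, for instance `# List only the reverse proxies that really sit in front of this server; X-Forwarded-For sent from these ranges is accepted as the client IP.` Indentation is not recoverable from this page, so it is worth confirming that the new keys sit at the HTTP server level rather than inside the route.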
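--- a/outlinecaddy/ws2outline_handler.go
+++ b/outlinecaddy/ws2outline_handler.go
@@ -126,15 +126,17 @@ func (h WebSocketHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, _ ca
 h.logger.Error("failed to upgrade", "err", err)
 }
 defer conn.Close()
-clientAddrPort, clientIpErr := onet.ParseAddrPortOrIP(r.RemoteAddr)
-switch h.Type {
-case StreamConnectionType:
-if clientIpErr == nil {
-conn = &replaceAddrConn{StreamConn: conn, raddr: net.TCPAddrFromAddrPort(clientAddrPort)}
-}
-case PacketConnectionType:
-if clientIpErr == nil {
-conn = &replaceAddrConn{StreamConn: conn, raddr: net.UDPAddrFromAddrPort(clientAddrPort)}
+if clientIp, ok := caddyhttp.GetVar(r.Context(), caddyhttp.ClientIPVarKey).(string); ok {
+clientAddrPort, clientIpErr := onet.ParseAddrPortOrIP(clientIp)
+switch h.Type {
+case StreamConnectionType:
+if clientIpErr == nil {
+conn = &replaceAddrConn{StreamConn: conn, raddr: net.TCPAddrFromAddrPort(clientAddrPort)}
+}
+case PacketConnectionType:
+if clientIpErr == nil {
+conn = &replaceAddrConn{StreamConn: conn, raddr: net.UDPAddrFromAddrPort(clientAddrPort)}
+}
 }
 }
 cx := layer4.WrapConnection(conn, []byte{}, h.zlogger)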
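Review bot: Both failure paths of the new block are silent: if the `client_ip` variable is missing or not a string, or if `onet.ParseAddrPortOrIP(clientIp)` returns an error, `conn` keeps its original remote address (behind a reverse proxy presumably the proxy's own) and nothing is logged. Checking the error once before the `switch`, e.g. `if clientIpErr != nil { h.logger.Error("failed to parse client IP", "client_ip", clientIp, "err", clientIpErr) }`, would make a broken proxy chain visible and remove the `clientIpErr == nil` test repeated in each case. A comment above the `if` should state that the address can now come from a request header and is only as trustworthy as the server's `trusted_proxies` setting, and that the Caddy variable appears to hold an IP without a port, so the source port that `r.RemoteAddr` used to supply is no longer carried. Separately, the unchanged context lines show the upgrade-failure branch logging and then reaching `defer conn.Close()` with no visible `return`; that predates this commit but is worth confirming. ServeHTTP begins before this hunk and continues after it.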
