Allow allowing/blocks hosts by IP range (#236)
parent
3c7d08f311
commit
f91e9cb508
3 changed files with 16 additions and 2 deletions
|
@ -208,9 +208,11 @@ Alternately, try running:
|
||||||
Reloading the [codercat URL][] will still return an error message.
|
Reloading the [codercat URL][] will still return an error message.
|
||||||
|
|
||||||
You can specify multiple hosts as a comma separated list to either flag, or
|
You can specify multiple hosts as a comma separated list to either flag, or
|
||||||
prefix a host value with `*.` to allow or deny all sub-domains as well.
|
prefix a host value with `*.` to allow or deny all sub-domains. You can
|
||||||
|
also specify a netblock in CIDR notation (`127.0.0.0/8`) -- this is useful for
|
||||||
|
blocking reserved ranges like `127.0.0.0/8`, `192.168.0.0/16`, etc.
|
||||||
|
|
||||||
If a host matches both an allowed an a denied host, the request will be denied.
|
If a host matches both an allowed and denied host, the request will be denied.
|
||||||
|
|
||||||
### Allowed Content-Type List ###
|
### Allowed Content-Type List ###
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"mime"
|
"mime"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"path"
|
"path"
|
||||||
|
@ -324,6 +325,16 @@ func hostMatches(hosts []string, u *url.URL) bool {
|
||||||
if strings.HasPrefix(host, "*.") && strings.HasSuffix(u.Host, host[2:]) {
|
if strings.HasPrefix(host, "*.") && strings.HasSuffix(u.Host, host[2:]) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
// Checks whether the host in u is an IP
|
||||||
|
if ip := net.ParseIP(u.Host); ip != nil {
|
||||||
|
// Checks whether our current host is a CIDR
|
||||||
|
if _, ipnet, err := net.ParseCIDR(host); err == nil {
|
||||||
|
// Checks if our host contains the IP in u
|
||||||
|
if ipnet.Contains(ip) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false
|
return false
|
||||||
|
|
|
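Review bot: The new IP check calls `net.ParseIP(u.Host)`, but `u.Host` still carries any explicit port and the brackets of an IPv6 literal, so for those URLs the parse returns nil and the CIDR entry is never consulted. For a deny entry that means the request is not blocked. Parsing the bare host closes this: `if ip := net.ParseIP(u.Hostname()); ip != nil {`. The match is also made only against a literal address in the URL, so a hostname that resolves into a denied block is not caught here; whether the address is checked again at connection time is not visible in this hunk. hostMatches starts above the hunk, so the enclosing loop over `hosts` is assumed from the context lines.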
@ -172,6 +172,7 @@ func TestAllowed(t *testing.T) {
|
||||||
{"http://test/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false},
|
{"http://test/image", emptyOptions, nil, []string{"test"}, nil, nil, nil, false},
|
||||||
{"http://test/image", emptyOptions, []string{"test"}, []string{"test"}, nil, nil, nil, false},
|
{"http://test/image", emptyOptions, []string{"test"}, []string{"test"}, nil, nil, nil, false},
|
||||||
{"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, []string{"test"}, nil, key, nil, false},
|
{"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, []string{"test"}, nil, key, nil, false},
|
||||||
|
{"http://127.0.0.1/image", emptyOptions, nil, []string{"127.0.0.0/8"}, nil, nil, nil, false},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
|
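Review bot: The single added row covers only a bare IPv4 literal inside the denied block, so the table does not pin down the edges of the new CIDR matching. It would be worth adding a row whose host carries an explicit port, a row with a bracketed IPv6 literal matched against an IPv6 block, and a row whose address lies outside the listed block so a too-broad match is caught. A row with the CIDR in the allow column rather than the deny column would also exercise the other path through the same helper; the column order is inferred from the existing rows. TestAllowed begins and ends outside this hunk.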