sec: disallow global IPs from proxying

master
Peter Šurda 2 years ago
parent 534b33fa52
commit ce70c7144c
Signed by: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87
  1. 26
      main.py

@ -19,17 +19,29 @@ redirect_filename = config["app"].get("redirect", "redirect")
class MainApp:
def _can_ip_be_proxy(self):
self.remoteip = cherrypy.request.remote.ip
try:
ipobj = IPv4Address(self.remoteip)
except AddressValueError:
try:
ipobj = IPv6Address(self.remoteip)
except AddressValueError:
return False
return not ipobj.is_global
def _init_ip(self):
"""
Get remote IP
"""
try:
self.remoteip = cherrypy.request.headers.get(
'X-Real-Ip',
cherrypy.request.remote.ip
)
except BaseException:
self.remoteip = cherrypy.request.remote.ip
if self._can_ip_be_proxy():
try:
self.remoteip = cherrypy.request.headers.get(
'X-Real-Ip',
cherrypy.request.remote.ip
)
except KeyError:
pass
try:
self.hostinfo = socket.gethostbyaddr(self.remoteip)

Loading…
Cancel
Save