forked from Sysdeploy/cloud-init-cherrypy
sec: disallow global IPs from proxying
This commit is contained in:
parent
534b33fa52
commit
ce70c7144c
26
main.py
26
main.py
|
@ -19,17 +19,29 @@ redirect_filename = config["app"].get("redirect", "redirect")
|
|||
|
||||
|
||||
class MainApp:
|
||||
def _can_ip_be_proxy(self):
|
||||
self.remoteip = cherrypy.request.remote.ip
|
||||
try:
|
||||
ipobj = IPv4Address(self.remoteip)
|
||||
except AddressValueError:
|
||||
try:
|
||||
ipobj = IPv6Address(self.remoteip)
|
||||
except AddressValueError:
|
||||
return False
|
||||
return not ipobj.is_global
|
||||
|
||||
def _init_ip(self):
|
||||
"""
|
||||
Get remote IP
|
||||
"""
|
||||
try:
|
||||
self.remoteip = cherrypy.request.headers.get(
|
||||
'X-Real-Ip',
|
||||
cherrypy.request.remote.ip
|
||||
)
|
||||
except BaseException:
|
||||
self.remoteip = cherrypy.request.remote.ip
|
||||
if self._can_ip_be_proxy():
|
||||
try:
|
||||
self.remoteip = cherrypy.request.headers.get(
|
||||
'X-Real-Ip',
|
||||
cherrypy.request.remote.ip
|
||||
)
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
try:
|
||||
self.hostinfo = socket.gethostbyaddr(self.remoteip)
|
||||
|
|
Loading…
Reference in New Issue
Block a user