forked from Sysdeploy/cloud-init-cherrypy
sec: disallow global IPs from proxying
This commit is contained in:
parent
534b33fa52
commit
ce70c7144c
26
main.py
26
main.py
|
@ -19,17 +19,29 @@ redirect_filename = config["app"].get("redirect", "redirect")
|
||||||
|
|
||||||
|
|
||||||
class MainApp:
|
class MainApp:
|
||||||
|
def _can_ip_be_proxy(self):
|
||||||
|
self.remoteip = cherrypy.request.remote.ip
|
||||||
|
try:
|
||||||
|
ipobj = IPv4Address(self.remoteip)
|
||||||
|
except AddressValueError:
|
||||||
|
try:
|
||||||
|
ipobj = IPv6Address(self.remoteip)
|
||||||
|
except AddressValueError:
|
||||||
|
return False
|
||||||
|
return not ipobj.is_global
|
||||||
|
|
||||||
def _init_ip(self):
|
def _init_ip(self):
|
||||||
"""
|
"""
|
||||||
Get remote IP
|
Get remote IP
|
||||||
"""
|
"""
|
||||||
try:
|
if self._can_ip_be_proxy():
|
||||||
self.remoteip = cherrypy.request.headers.get(
|
try:
|
||||||
'X-Real-Ip',
|
self.remoteip = cherrypy.request.headers.get(
|
||||||
cherrypy.request.remote.ip
|
'X-Real-Ip',
|
||||||
)
|
cherrypy.request.remote.ip
|
||||||
except BaseException:
|
)
|
||||||
self.remoteip = cherrypy.request.remote.ip
|
except KeyError:
|
||||||
|
pass
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.hostinfo = socket.gethostbyaddr(self.remoteip)
|
self.hostinfo = socket.gethostbyaddr(self.remoteip)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user