Commit 5ed25366 authored by Nick Mathewson's avatar Nick Mathewson 👉

r18063@catbus: nickm | 2008-02-13 10:08:53 -0500

 Implement bridgedb feature to take IPs from X-Forwarded-For headers


svn:r13491
parent f3ebfc35
......@@ -50,9 +50,15 @@ HTTPS_PORT=3443
HTTPS_CERT_FILE="cert"
# Private key file.
HTTPS_KEY_FILE="privkey.pem"
# IP and port to listen on for unencrypted HTTP connections. Debugging only.
# If true, there is a trusted proxy relaying incoming messages to us: take
# the *last* entry from its X-Forwarded-For header as the client's IP.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False
# IP and port to listen on for unencrypted HTTP connections.
HTTP_UNENCRYPTED_BIND_IP=None
HTTP_UNENCRYPTED_PORT=None
# As HTTPS_USE_IP_FROM_FORWARDED_HEADER, but for unencrypted connections.
HTTP_USE_IP_FROM_FORWARDED_HEADER = False
# How many bridges do we give back in an answer?
HTTPS_N_BRIDGES_PER_ANSWER=3
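Review bot: The new comment above `HTTPS_USE_IP_FROM_FORWARDED_HEADER` tells the operator to take the *last* X-Forwarded-For entry but not why, nor what must be true of the deployment before the option is safe to enable. I would extend it with something like `# Only the last entry is written by our proxy; earlier ones are client-supplied.` and `# Enable only if this port is reachable solely through that proxy.` The same precondition applies to `HTTP_USE_IP_FROM_FORWARDED_HEADER` further down. As a style point, the two new assignments use spaces around `=` while the neighbouring options do not.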
......
......@@ -49,8 +49,10 @@ CONFIG = Conf(
HTTPS_PORT=6789,
HTTPS_CERT_FILE="cert",
HTTPS_KEY_FILE="privkey.pem",
HTTPS_USE_IP_FROM_FORWARDED_HEADER=0,
HTTP_UNENCRYPTED_BIND_IP=None,
HTTP_UNENCRYPTED_PORT=6788,
HTTP_USE_IP_FROM_FORWARDED_HEADER=1,
HTTPS_N_BRIDGES_PER_ANSWER=2,
EMAIL_DIST = True,
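Review bot: The built-in defaults turn on `HTTP_USE_IP_FROM_FORWARDED_HEADER=1` while leaving `HTTP_UNENCRYPTED_BIND_IP=None`, and addWebServer maps a None bind address to `""`, which presumably means all interfaces. A deployment that falls back to these defaults would therefore take the client address from a header on a plaintext port that any client can reach directly, so the per-IP rationing of bridges would depend on a value the requester controls. This also disagrees with the sample configuration, where both flags are False. I would default to `HTTP_USE_IP_FROM_FORWARDED_HEADER=0,`, or add a comment stating that these values are test-only if that is the intent. The `Conf(` call starts and ends outside the hunk.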
......
......@@ -76,7 +76,7 @@ class WebResource(twisted.web.resource.Resource):
bridges in response to a request."""
isLeaf = True
def __init__(self, distributor, schedule, N=1):
def __init__(self, distributor, schedule, N=1, useForwardedHeader=False):
"""Create a new WebResource.
distributor -- an IPBasedDistributor object
schedule -- an IntervalSchedule object
......@@ -86,12 +86,25 @@ class WebResource(twisted.web.resource.Resource):
self.distributor = distributor
self.schedule = schedule
self.nBridgesToGive = N
self.useForwardedHeader = useForwardedHeader
def render_GET(self, request):
interval = self.schedule.getInterval(time.time())
ip = request.getClientIP()
bridges = self.distributor.getBridgesForIP(ip, interval,
self.nBridgesToGive)
bridges = ( )
ip = None
if self.useForwardedHeader:
h = request.getHeader("X-Forwarded-For")
if h:
ip = h.split(",")[-1].strip()
if not bridgedb.Bridges.is_valid_ip(ip):
logging.warn("Got weird forwarded-for value %r",h)
ip = None
else:
ip = request.getClientIP()
if ip:
bridges = self.distributor.getBridgesForIP(ip, interval,
self.nBridgesToGive)
if bridges:
answer = "".join("%s\n" % b.getConfigLine() for b in bridges)
else:
......@@ -106,16 +119,20 @@ def addWebServer(cfg, dist, sched):
HTTPS_N_BRIDGES_PER_ANSWER
HTTP_UNENCRYPTED_PORT
HTTP_UNENCRYPTED_BIND_IP
HTTP_USE_IP_FROM_FORWARDED_HEADER
HTTPS_PORT
HTTPS_BIND_IP
HTTPS_USE_IP_FROM_FORWARDED_HEADER
dist -- an IPBasedDistributor object.
sched -- an IntervalSchedule object.
"""
Site = twisted.web.server.Site
resource = WebResource(dist, sched, cfg.HTTPS_N_BRIDGES_PER_ANSWER)
site = Site(resource)
site = None
if cfg.HTTP_UNENCRYPTED_PORT:
ip = cfg.HTTP_UNENCRYPTED_BIND_IP or ""
resource = WebResource(dist, sched, cfg.HTTPS_N_BRIDGES_PER_ANSWER,
cfg.HTTP_USE_IP_FROM_FORWARDED_HEADER)
site = Site(resource)
reactor.listenTCP(cfg.HTTP_UNENCRYPTED_PORT, site, interface=ip)
if cfg.HTTPS_PORT:
from twisted.internet.ssl import DefaultOpenSSLContextFactory
......@@ -123,6 +140,9 @@ def addWebServer(cfg, dist, sched):
ip = cfg.HTTPS_BIND_IP or ""
factory = DefaultOpenSSLContextFactory(cfg.HTTPS_KEY_FILE,
cfg.HTTPS_CERT_FILE)
resource = WebResource(dist, sched, cfg.HTTPS_N_BRIDGES_PER_ANSWER,
cfg.HTTPS_USE_IP_FROM_FORWARDED_HEADER)
site = Site(resource)
reactor.listenSSL(cfg.HTTPS_PORT, site, factory, interface=ip)
return site
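Review bot: In render_GET (second hunk), when `self.useForwardedHeader` is set the X-Forwarded-For value is accepted without any check that the connection came from the trusted proxy. As far as the visible lines show, the correctness of `getBridgesForIP` rationing then rests entirely on the listener being unreachable by anyone but that proxy. I would compare `request.getClientIP()` against a configured proxy address before reading the header and leave `ip = None` on a mismatch, or at minimum state the requirement in the WebResource docstring, which does not mention `useForwardedHeader` in the lines shown. The branch where the header is absent also leaves `ip` as None without a log line, so a misconfigured proxy would hand out empty answers silently; a `logging.warn` there, parallel to the "weird forwarded-for" one, would make that diagnosable. render_GET continues past the end of the hunk.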
......