Draft: WIP: hardening: make proxies request server consent (!385) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake

WofWca requested to merge WofWca/snowflake:server-consent-handshake into main Sep 04, 2024

(optional)

Prior to connecting to the relay and passing arbitrary client data to it, make a benign HTTP HEAD request to the relay host to ensure that it is indeed a Snowflake server and not something else.

This makes it harder to abuse proxies, especially if the allowed-relay-hostname-pattern is lax.

This change is backwards-compatible for both the server and the proxy. The server only handles the request in the new different way if the special header is passed. The proxy doesn't execute the new code unless the new CLI param (or the config prop) is set to true.

This is an improvement for (More) Distributed servers.

The proxy changes are unfortunately not covered by tests as I am not sure how to write them in this case.

I have tested the changes with all combinations of proxy and server (old and new).

Edited Sep 06, 2024 by WofWca

Draft: WIP: hardening: make proxies request server consent

Merge request reports