Refactor X-Forwarded-* headers
parent
f478084cd8
commit
f38f49e770
5 changed files with 85 additions and 15 deletions
|
|
@ -19,6 +19,7 @@ package template
|
|||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
|
@ -37,6 +38,10 @@ const (
|
|||
bindAddress = "bind-address"
|
||||
)
|
||||
|
||||
var (
|
||||
realClientRegex = regexp.MustCompile(`auto|http-proxy|tcp-proxy`)
|
||||
)
|
||||
|
||||
// ReadConfig obtains the configuration defined by the user merged with the defaults.
|
||||
func ReadConfig(src map[string]string) config.Configuration {
|
||||
conf := map[string]string{}
|
||||
|
|
@ -119,6 +124,11 @@ func ReadConfig(src map[string]string) config.Configuration {
|
|||
glog.Warningf("unexpected error merging defaults: %v", err)
|
||||
}
|
||||
|
||||
if !realClientRegex.MatchString(to.RealClientFrom) {
|
||||
glog.Warningf("unexpected value for RealClientFromSetting (%v). Using default \"auto\"", to.RealClientFrom)
|
||||
to.RealClientFrom = "auto"
|
||||
}
|
||||
|
||||
return to
|
||||
}
|
||||
|
||||
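Review bot: `realClientRegex` is unanchored, so `MatchString` accepts any value that merely contains one of the three words (a constructed example: `automatic` or `my-http-proxy`), and the fallback to `"auto"` with its warning never runs for those values. The template helpers added in this commit compare `RealClientFrom` with `==`, so such a value matches no trust mode and the misconfiguration goes unreported. Anchor the pattern, `realClientRegex = regexp.MustCompile("^(auto|http-proxy|tcp-proxy)$")`, or drop the regex and use a `switch` on the three literals. The body of `ReadConfig` starts outside the visible hunks, so where `to.RealClientFrom` is populated cannot be checked from here.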
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import (
|
|||
"github.com/golang/glog"
|
||||
"github.com/pborman/uuid"
|
||||
|
||||
apiv1 "k8s.io/api/core/v1"
|
||||
extensions "k8s.io/api/extensions/v1beta1"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/ingress/controllers/nginx/pkg/config"
|
||||
|
|
@ -158,6 +159,8 @@ var (
|
|||
"buildAuthSignURL": buildAuthSignURL,
|
||||
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
|
||||
"buildForwardedFor": buildForwardedFor,
|
||||
"trustHTTPHeaders": trustHTTPHeaders,
|
||||
"trustProxyProtocol": trustProxyProtocol,
|
||||
}
|
||||
)
|
||||
|
||||
|
|
@ -657,3 +660,24 @@ func buildForwardedFor(input interface{}) string {
|
|||
ffh = strings.ToLower(ffh)
|
||||
return fmt.Sprintf("$http_%v", ffh)
|
||||
}
|
||||
|
||||
func trustHTTPHeaders(input interface{}) bool {
|
||||
conf, ok := input.(config.TemplateConfig)
|
||||
if !ok {
|
||||
return true
|
||||
}
|
||||
|
||||
return conf.Cfg.RealClientFrom == "http-proxy" ||
|
||||
(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol &&
|
||||
(conf.PublishService != nil && conf.PublishService.Spec.Type == apiv1.ServiceTypeLoadBalancer))
|
||||
}
|
||||
|
||||
func trustProxyProtocol(input interface{}) bool {
|
||||
conf, ok := input.(config.TemplateConfig)
|
||||
if !ok {
|
||||
return true
|
||||
}
|
||||
|
||||
return conf.Cfg.RealClientFrom == "tcp-proxy" ||
|
||||
(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol)
|
||||
}
|
||||
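Review bot: `trustHTTPHeaders` and `trustProxyProtocol` both return `true` when the type assertion on `input` fails, so a template call with the wrong argument would presumably make the rendered configuration accept client-supplied X-Forwarded-* headers and the PROXY protocol address at the same time, with nothing logged. Fail closed in each `!ok` branch: `glog.Errorf("expected a 'config.TemplateConfig' type but %T was returned", input)` followed by `return false`. Separately, the `auto` branch of `trustProxyProtocol` tests `!conf.Cfg.UseProxyProtocol`, which reads as inverted: as written, auto mode trusts the PROXY protocol only when `UseProxyProtocol` is off, and it can be true together with `trustHTTPHeaders`; if that is not intended, drop the `!`. Neither function has a doc comment, and one line on each saying which source of the client address it enables, and under which `RealClientFrom` values, would make the trust decision reviewable.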
|
|
|
|||