Comments (8)
The most stable way to do this would be to have a list of local addresses (net.InterfaceAddrs()
?), then possibly do an DNS lookup for every request, then check whether that resolves to a local address and the IP the proxy is bound to. If it does, cancel the request.
However, an additional DNS lookup on every request sounds costly.
from goproxy.
It shouldn't happen, since the request goproxy send is not a proxy request
(ie, it is GET / instead of GET http://localost/).
I'll investigate.
On Tue, Jun 17, 2014 at 9:08 PM, Justinas Stankevičius <
[email protected]> wrote:
The most stable way to do this would be to have a list of local addresses (
net.InterfaceAddrs()?), then possibly do an DNS lookup for every request,
then check whether that resolves to a local address and the IP the proxy is
bound to. If it does, cancel the request.However, an additional DNS lookup on every request sounds costly.
—
Reply to this email directly or view it on GitHub
#53 (comment).
from goproxy.
I decided that disallowing direct proxy requests is the best solution, since you can't always know whether or not the request was directed to you. Let me know if it works for you now.
Thanks for the bug report.
from goproxy.
Seems like I was overcomplicating the issue. It seems to work now. Thanks for the quick fix! 👍
from goproxy.
This fix breaks transparent proxy support as is noted in #26
from goproxy.
@mzimmerman what do you suggest? Setting to enable transparent proxy? Note that transparent proxy won't work for HTTP 1.0 request without Host header.
from goproxy.
@elazarl I wasn't sure, I was hoping you could tell me! :) I've just started looking at your code today. I'm trying to implement a successor to whitetrash which is a proxy with liberal whitelist for purposes of defending against malware. It hasn't been updated in several years and is written in python. If I'm going to update it, I'd rather do it in Go.
Just starting with the basics, I ran into the lack of support for transparent proxying through iptables. Implementing what you had in 3831094 fixes it for me, but it breaks some tests.
from goproxy.
@mzimmerman hmmm... there are conflicting requirements here. On the one hand, you might want to act like a proxy, and refuse non-proxy direct requests, as squid would. On the other hand, when you're acting like a transparent proxy, you do want to respond to transparent requests.
At any rate, you never want the feedback loop.
What I suggest is, have a Transparent
property to the proxy, and detect self connections, by, e.g., adding a header to the request, or, by letting the proxy know on which address it listens.
from goproxy.
Related Issues (20)
- How to prevent traffic from being swiped? HOT 1
- Facebook and Instagram apps fail to work through GoProxy HOT 1
- Deployment to AWS Lambda ?
- Release versions for go package HOT 2
- How to use code on win10 instead of manual to open the forward proxy Settings?
- An existing connection was forcibly closed by the remote host.
- How best to modify HTTP data and header order
- https blocking does not take effect HOT 3
- goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors HOT 2
- Cannot connect to HTTP websocket when performing TLS MitM
- 请求头参数大小写格式在哪转换的?
- Semicolon in URL query HOT 1
- Potential Typo in Request Handling - "r.Close" misset to False?
- Question about modifying requests
- Can we do URL A -> proxy A, URL B -> proxy B?
- Limit the number of goroutines HOT 1
- Contant HOT 1
- team.works, with community support
- updating expired certificate
- NET::ERR_CERT_AUTHORITY_INVALID HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goproxy.