func (c *AppConfig) initClientRestriction() {
prefix := c.clientRestrictions.Addresses
if len(prefix) <= 0 {
return
}
c.ipaTrie = ipatrie.NewTrie()
for _, p := range prefix {
a, m, e := ipatrie.ParseCIDR(p)
if e == nil {
c.ipaTrie.Insert(a, m)
} else {
log.Warningf("Parse cidr=%s error=%v", p, e)
}
}
c.clientRestrictions.prefixCount = c.ipaTrie.Size()
}
func (s *Session) buildPxReq(req *http.Request) (xReq *PxReq, err error) {
var dst *url.URL
var nondef int
var uri = s.uri
var ckNames map[string]bool
var xHeader = make(http.Header)
if strings.HasPrefix(uri, "/!") {
uri = uri[2:]
ckNames = make(map[string]bool)
nondef |= 0xf
} else {
uri = default_host + uri
}
dst, err = url.Parse(default_protocol + uri)
if err != nil {
return
}
// process in-Header
// copy header, skip Cookie
for k, vv := range req.Header {
switch k {
case "Referer":
ref := vv[0]
if pos := strings.Index(ref, "/!"); pos > 0 {
ref = default_protocol + ref[pos+2:]
vv[0] = ref
} else {
continue
}
case "Cookie", "Origin":
continue
default:
if strings.HasPrefix(k, "X-") {
continue
}
}
xHeader[k] = vv
}
// process in-Cookies
// copy cookies, skip namesakes if requested to nondefault domain
var cookies []string
for _, ck := range req.Cookies() {
if nondef > 0 {
if ckNames[ck.Name] {
if debug {
log.Warningf("cookie dup??? uri=%s exists=[%s] %s==%s", uri, strings.Join(cookies, "]["), ck.Name, ck.Value)
}
continue
} else {
ckNames[ck.Name] = true
}
}
// ignore __cookie
if strings.HasPrefix(ck.Name, "__") {
continue
}
cookies = append(cookies, ck.String())
}
if len(cookies) > 0 {
xHeader.Set("Cookie", strings.Join(cookies, "; "))
}
if !config.CheckDomainRestriction(dst.Host) {
return nil, errNotAllowed
}
// ipv[46]
if nondef > 0 && reAbuseRedirect.MatchString(uri) {
nondef |= 0xf0
s.abusing = true
}
xHeader.Set("Connection", "keep-alive")
xHeader.Set("Accept-Encoding", "gzip")
xReq = &PxReq{
url: dst,
nondefault: nondef,
header: xHeader,
}
return
}