Example #1
0
func (c *AppConfig) initClientRestriction() {
	prefix := c.clientRestrictions.Addresses
	if len(prefix) <= 0 {
		return
	}
	c.ipaTrie = ipatrie.NewTrie()
	for _, p := range prefix {
		a, m, e := ipatrie.ParseCIDR(p)
		if e == nil {
			c.ipaTrie.Insert(a, m)
		} else {
			log.Warningf("Parse cidr=%s error=%v", p, e)
		}
	}
	c.clientRestrictions.prefixCount = c.ipaTrie.Size()
}
Example #2
0
func (s *Session) buildPxReq(req *http.Request) (xReq *PxReq, err error) {
	var dst *url.URL
	var nondef int
	var uri = s.uri
	var ckNames map[string]bool
	var xHeader = make(http.Header)

	if strings.HasPrefix(uri, "/!") {
		uri = uri[2:]
		ckNames = make(map[string]bool)
		nondef |= 0xf
	} else {
		uri = default_host + uri
	}

	dst, err = url.Parse(default_protocol + uri)
	if err != nil {
		return
	}

	// process in-Header
	// copy header, skip Cookie
	for k, vv := range req.Header {
		switch k {
		case "Referer":
			ref := vv[0]
			if pos := strings.Index(ref, "/!"); pos > 0 {
				ref = default_protocol + ref[pos+2:]
				vv[0] = ref
			} else {
				continue
			}
		case "Cookie", "Origin":
			continue
		default:
			if strings.HasPrefix(k, "X-") {
				continue
			}
		}
		xHeader[k] = vv
	}

	// process in-Cookies
	// copy cookies, skip namesakes if requested to nondefault domain
	var cookies []string
	for _, ck := range req.Cookies() {
		if nondef > 0 {
			if ckNames[ck.Name] {
				if debug {
					log.Warningf("cookie dup??? uri=%s exists=[%s] %s==%s", uri, strings.Join(cookies, "]["), ck.Name, ck.Value)
				}
				continue
			} else {
				ckNames[ck.Name] = true
			}
		}
		// ignore __cookie
		if strings.HasPrefix(ck.Name, "__") {
			continue
		}
		cookies = append(cookies, ck.String())
	}
	if len(cookies) > 0 {
		xHeader.Set("Cookie", strings.Join(cookies, "; "))
	}

	if !config.CheckDomainRestriction(dst.Host) {
		return nil, errNotAllowed
	}

	// ipv[46]
	if nondef > 0 && reAbuseRedirect.MatchString(uri) {
		nondef |= 0xf0
		s.abusing = true
	}

	xHeader.Set("Connection", "keep-alive")
	xHeader.Set("Accept-Encoding", "gzip")

	xReq = &PxReq{
		url:        dst,
		nondefault: nondef,
		header:     xHeader,
	}
	return
}