def is_forbidden(self, context, hostname):
ip = context.address[0]
lst = context.trusted_downstream
if lst and ip not in lst:
logging.warning(
'IP {!r} not found in trusted downstream {!r}'.format(ip, lst))
return True
if open_to_public['http'] and context._orig_protocol == 'http':
if not to_ip_address(ip).is_private:
if open_to_public['https'] and options.redirect:
if not is_ip_hostname(hostname):
# redirecting
return False
if options.fbidhttp:
logging.warning('Public plain http request is forbidden.')
return True
def is_forbidden(self, context, hostname):
ip = context.address[0]
lst = context.trusted_downstream
ip_address = None
if lst and ip not in lst:
logging.warning(
'IP {!r} not found in trusted downstream {!r}'.format(ip, lst))
return True
if context._orig_protocol == 'http':
if redirecting and not is_ip_hostname(hostname):
ip_address = to_ip_address(ip)
if not ip_address.is_private:
# redirecting
return False
if options.fbidhttp:
if ip_address is None:
ip_address = to_ip_address(ip)
def test_is_ip_hostname(self):
self.assertTrue(is_ip_hostname('[::1]'))
self.assertTrue(is_ip_hostname('127.0.0.1'))
self.assertFalse(is_ip_hostname('localhost'))
self.assertFalse(is_ip_hostname('www.google.com'))
