def is_forbidden(self, context, hostname): ip = context.address[0] lst = context.trusted_downstream if lst and ip not in lst: logging.warning( 'IP {!r} not found in trusted downstream {!r}'.format(ip, lst)) return True if open_to_public['http'] and context._orig_protocol == 'http': if not to_ip_address(ip).is_private: if open_to_public['https'] and options.redirect: if not is_ip_hostname(hostname): # redirecting return False if options.fbidhttp: logging.warning('Public plain http request is forbidden.') return True
def is_forbidden(self, context, hostname): ip = context.address[0] lst = context.trusted_downstream ip_address = None if lst and ip not in lst: logging.warning( 'IP {!r} not found in trusted downstream {!r}'.format(ip, lst)) return True if context._orig_protocol == 'http': if redirecting and not is_ip_hostname(hostname): ip_address = to_ip_address(ip) if not ip_address.is_private: # redirecting return False if options.fbidhttp: if ip_address is None: ip_address = to_ip_address(ip)
def test_is_ip_hostname(self): self.assertTrue(is_ip_hostname('[::1]')) self.assertTrue(is_ip_hostname('127.0.0.1')) self.assertFalse(is_ip_hostname('localhost')) self.assertFalse(is_ip_hostname('www.google.com'))