def get_trusted_downstream(tdstream):
    """Parse a comma-separated address list into a set of strings.

    Entries are stripped of surrounding whitespace and empty entries are
    skipped. Each remaining entry is handed to ``to_ip_address`` and the
    return value is thrown away, so that call matters only for what it
    raises (presumably a rejection of malformed addresses; the helper is
    not visible here, confirm).

    The set holds the text exactly as configured, not a parsed address.
    Membership tests against it are therefore plain string comparisons.
    NOTE(review): an address written in a different but equivalent form
    from the one the server reports for a peer would not match; confirm
    whether entries should be normalised before being stored.
    """
    trusted = set()
    entries = (chunk.strip() for chunk in tdstream.split(','))
    for entry in entries:
        if not entry:
            # Tolerate "a,,b", trailing commas and an empty option value.
            continue
        to_ip_address(entry)  # validation only; result intentionally unused
        trusted.add(entry)
    return trusted
def get_trusted_downstream(options):
    """Build the set of trusted downstream addresses from ``options``.

    Reads ``options.tdstream`` as a comma-separated string, strips each
    entry and drops empty ones. Every kept entry is passed through
    ``to_ip_address`` with the result discarded, so the call acts only as
    a check (presumably raising on a malformed address; the helper is not
    visible here, confirm).

    The returned set contains the configured strings unchanged, so any
    later ``in`` test is a string comparison rather than an address
    comparison. NOTE(review): confirm the configured spelling matches the
    form in which peer addresses are reported.
    """
    trusted = set()
    for raw in options.tdstream.split(','):
        candidate = raw.strip()
        if not candidate:
            # Empty pieces come from "", ",," or a trailing comma.
            continue
        to_ip_address(candidate)  # validation only; result intentionally unused
        trusted.add(candidate)
    return trusted
def is_forbidden(self, context, hostname):
    """Decide from the peer address whether a request must be rejected.

    Visible behaviour: returns True when a trusted-downstream collection
    is configured and the peer address is not in it; returns False for a
    plain-http request from a non-private address when redirecting is
    enabled and ``hostname`` is not an IP literal.

    NOTE(review): this listing is whitespace-collapsed and stops partway
    through the ``options.fbidhttp`` branch. The nesting below is a
    reconstruction and the rest of the function is not shown; confirm
    against the original file before relying on it.
    """
    ip = context.address[0]
    lst = context.trusted_downstream
    # Parsed lazily so the address is converted at most once below.
    ip_address = None

    # An empty or unset collection is falsy, which disables this check
    # entirely: the allow-list is only enforced when it has entries.
    if lst and ip not in lst:
        # {!r} logs the repr of both values, so the address appears in
        # escaped form in the log line.
        logging.warning(
            'IP {!r} not found in trusted downstream {!r}'.format(ip, lst))
        return True

    # _orig_protocol is an underscore-prefixed attribute of the context.
    # NOTE(review): it looks like the scheme the client originally used;
    # confirm that it cannot be influenced by untrusted headers.
    if context._orig_protocol == 'http':
        if redirecting and not is_ip_hostname(hostname):
            ip_address = to_ip_address(ip)
            if not ip_address.is_private:
                # Not forbidden here: presumably the caller answers this
                # plain-http request with a redirect instead of serving it.
                return False

        if options.fbidhttp:
            # Reuse the address parsed in the redirect branch, if any.
            if ip_address is None:
                ip_address = to_ip_address(ip)
def is_forbidden(self, context, hostname):
    """Decide from the peer address whether a request must be rejected.

    Returns True when the request is forbidden, False when a public
    plain-http request is let through on the redirect path, and None
    (falsy) in every other case.

    Checks, in order:
      1. If a trusted-downstream collection is configured, the peer
         address must be a member of it.
      2. For plain http from a non-private address (only when
         ``open_to_public['http']`` is truthy): the request is let
         through if https is open to the public, ``options.redirect`` is
         set and ``hostname`` is not an IP literal; otherwise it is
         forbidden when ``options.fbidhttp`` is set.

    NOTE(review): nesting was reconstructed from a whitespace-collapsed
    listing; confirm against the original file.
    """
    peer = context.address[0]
    trusted = context.trusted_downstream

    # An empty or unset collection is falsy and switches this check off.
    if trusted and peer not in trusted:
        message = 'IP {!r} not found in trusted downstream {!r}'.format(
            peer, trusted)
        logging.warning(message)
        return True

    is_plain_http = (
        open_to_public['http'] and context._orig_protocol == 'http'
    )
    if not is_plain_http:
        return None

    # NOTE(review): the public/private decision rests on ``is_private``
    # of whatever ``to_ip_address`` returns; confirm it classifies every
    # address form the listener can report as the policy intends.
    if to_ip_address(peer).is_private:
        return None

    can_redirect = open_to_public['https'] and options.redirect
    if can_redirect and not is_ip_hostname(hostname):
        # Not forbidden here: presumably the caller redirects the client
        # instead of serving the plain-http request.
        return False

    if options.fbidhttp:
        logging.warning('Public plain http request is forbidden.')
        return True
    return None
def is_forbidden(self):
    """Return True when the current request must be rejected.

    A request is forbidden when either:

    * a trusted-downstream collection is configured and the peer address
      is not a member of it, or
    * the request arrived over plain http from a non-private address.

    Any other request falls through and yields None (falsy).

    NOTE(review): whether ``context.address[0]`` is the socket peer or a
    value derived from forwarding headers cannot be seen from here. The
    allow-list check is only as strong as that value, so confirm where it
    comes from.
    """
    conn_context = self.request.connection.context
    peer = conn_context.address[0]
    trusted = conn_context.trusted_downstream

    # An empty or unset collection is falsy and switches this check off.
    if trusted and peer not in trusted:
        message = 'IP {!r} not found in trusted downstream {!r}'.format(
            peer, trusted)
        logging.warning(message)
        return True

    if conn_context._orig_protocol != 'http':
        return None

    # The address is parsed only for plain-http requests; its
    # ``is_private`` attribute separates local from public peers.
    if to_ip_address(peer).is_private:
        return None

    logging.warning('Public non-https request is forbidden.')
    return True