Commit 7cdf00d7 authored by Julien Muchembled's avatar Julien Muchembled

registry: fix security of some RPC when serving behind proxy

parent 3b5d03e4
...@@ -161,10 +161,13 @@ class RegistryServer(object): ...@@ -161,10 +161,13 @@ class RegistryServer(object):
# (IOW, do the contrary of newPrefix) # (IOW, do the contrary of newPrefix)
self.timeout = not_after and not_after + GRACE_PERIOD self.timeout = not_after and not_after + GRACE_PERIOD
def handle_request(self, request, method, kw): def handle_request(self, request, method, kw,
_localhost=('127.0.0.1', '::1')):
m = getattr(self, method) m = getattr(self, method)
if method in ('versions', 'topology',) and \ if method in ('versions', 'topology'):
request.client_address[0] not in ('127.0.0.1', '::1'): x_forwarded_for = request.headers.get('X-Forwarded-For')
if request.client_address[0] not in _localhost or \
x_forwarded_for and x_forwarded_for not in _localhost:
return request.send_error(httplib.FORBIDDEN) return request.send_error(httplib.FORBIDDEN)
key = m.getcallargs(**kw).get('cn') key = m.getcallargs(**kw).get('cn')
if key: if key:
......
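Review bot: In the new `versions`/`topology` guard in handle_request, a request that carries no `X-Forwarded-For` header is treated as a direct local connection, so the restriction only holds if the front proxy always sets that header itself rather than relaying a client-supplied value unchanged; nothing in the hunk states that assumption. I would add a comment above the check such as `# Behind a local proxy every peer is localhost: the proxy MUST always set X-Forwarded-For; any non-local or multi-address value is refused.` The mixed `or`/`and` condition would also be easier to audit with explicit parentheses, `or (x_forwarded_for and x_forwarded_for not in _localhost)`. The body of handle_request continues past the end of the hunk.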