[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #13171 [meek]: meek's reflector should forward the client's IP address/port to the bridge.
#13171: meek's reflector should forward the client's IP address/port to the bridge.
-------------------------+------------------------------
Reporter: yawning | Owner: dcf
Type: enhancement | Status: needs_review
Priority: Medium | Milestone:
Component: meek | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------
Changes (by dcf):
* status: new => needs_review
* severity: => Normal
Comment:
Here's a branch for review:
https://gitweb.torproject.org/pluggable-
transports/meek.git/log/?h=bug13171
https://gitweb.torproject.org/pluggable-
transports/meek.git/diff/?h=bug13171&id=5a6b70d22574f4720cd71b2e47a18fe73cdb8e11&id2=ed3e8c9b0c34db38ffcd99a0d38d7d4fc1785a62
It adds support for reading `X-Forwarded-For`, which is set by the Amazon
and Azure CDNs, to meek-server. Additionally it recognizes a new made-up
header `Meek-IP` as a synonym for `X-Forwarded-For`, for App Engine which
[https://cloud.google.com/appengine/docs/go/urlfetch/#Go_Request_headers
does not allow you to set X-Forwarded-For]:
For security reasons, the following headers cannot be modified by the
application: `Content-Length`, `Host`, `Vary`, `Via`, `X-Appengine-
Inbound-Appid`, `X-Forwarded-For`, `X-ProxyUser-IP`.
In the absence of an `X-Forwarded-For` or `Meek-IP` header, we fall back
(as before) on the client's source address
([https://golang.org/pkg/net/http/#Request Request.RemoteAddr]). If one of
the headers is present but cannot be parsed, we ''do not'' fall back to
`Request.RemoteAddr`, because in that case we do not know what the true
client address is, but it is probably different from `Request.RemoteAddr`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13171#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs