From 8234becde2f84105047d5e52013ef61ad80fb411 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Mon, 19 Aug 2024 04:03:24 +0200
Subject: [PATCH] Now, trusted sources is also to identify a valid origin for a X_FORWARDED_FOR... To be tested!
---
 server/src/uds/core/util/config.py | 2 +-
 server/src/uds/middleware/request.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/src/uds/core/util/config.py b/server/src/uds/core/util/config.py
index 7ea57736e..2c8c4a992 100644
--- a/server/src/uds/core/util/config.py
+++ b/server/src/uds/core/util/config.py
@@ -616,7 +616,7 @@ class GlobalConfig:
 'Trusted Hosts',
 '*',
 type=Config.FieldType.TEXT,
- help=_('Networks considered "trusted" for tunnel requests'),
+ help=_('Networks considered "trusted" for UDS (Tunnels, Load Balancers, etc...)'),
 )
 # Allow clients to notify their own ip (if set), or use always the request extracted IP
diff --git a/server/src/uds/middleware/request.py b/server/src/uds/middleware/request.py
index b54cfa39b..b593ea922 100644
--- a/server/src/uds/middleware/request.py
+++ b/server/src/uds/middleware/request.py
@@ -39,6 +39,7 @@ from uds.core.util import os_detector as OsDetector
 from uds.core.util.config import GlobalConfig
 from uds.core import consts, types
 from uds.core.auths.auth import (
+ is_trusted_source,
 root_user,
 web_logout,
 )
@@ -91,7 +92,7 @@ def _fill_ips(request: 'ExtendedHttpRequest') -> None:
 # request.ip = PROXY3
 # request.ip_proxy = PROXY2
- if behind_proxy:
+ if behind_proxy and is_trusted_source(request.ip):
 request.ip = request.ip_proxy
 request.ip_proxy = proxies[1] if len(proxies) > 1 else request.ip
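Review bot: The new help text on the 'Trusted Hosts' field does not say what the `'*'` value two lines above it means, and that value appears to be the field's default. The same list is now described as covering load balancers, and the request.py hunk of this patch uses it to decide whether forwarded addresses are honoured, so an installation left on the wildcard presumably gets no filtering from the new check (is_trusted_source is not visible here, so its handling of `*` should be confirmed). I would spell this out in the string, e.g. `help=_('Networks considered "trusted" for UDS (Tunnels, Load Balancers, etc...). "*" trusts every source; restrict it when running behind a proxy')`. The field definition starts above the hunk.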
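Review bot: In the changed `if`, `is_trusted_source(request.ip)` is only a meaningful gate if `request.ip` still holds the socket peer address at that point, and the hunk does not show where it was assigned. The comments just above (`request.ip = PROXY3`) suggest it may already come from the forwarded-header list; if so the trust decision rests on a value the sender controls, and the check should use the peer address instead, e.g. `is_trusted_source(request.META.get('REMOTE_ADDR', ''))`, to be confirmed against the top of `_fill_ips`, which starts outside the hunk. Separately, an untrusted source skips the branch silently; assuming the module has a logger, a line such as `logger.warning('Forwarded headers from untrusted source %s ignored', request.ip)` would make a mis-set trusted-hosts list visible to operators. The subject line says the change is untested, so a test covering one trusted and one untrusted peer would be worth adding with it.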