UseForwardedHeaders with known proxies

2024-11-22 12:15:36 +01:00 · 2019-04-26 09:52:54 -04:00 · 2019-04-26 09:52:54 -04:00 · e6baa1490c
commit e6baa1490c
parent 8b80478a97
5 changed files with 33 additions and 8 deletions
--- a/src/Admin/Startup.cs
+++ b/src/Admin/Startup.cs
@ -104,10 +104,7 @@ namespace Bit.Admin
            if(globalSettings.SelfHosted)
            {
                app.UsePathBase("/admin");
-                app.UseForwardedHeaders(new ForwardedHeadersOptions
-                {
-                    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
-                });
+                app.UseForwardedHeaders(globalSettings);
            }

            if(env.IsDevelopment())
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -171,10 +171,7 @@ namespace Bit.Api
            }
            else
            {
-                app.UseForwardedHeaders(new ForwardedHeadersOptions
-                {
-                    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
-                });
+                app.UseForwardedHeaders(globalSettings);
            }

            // Add static files to the request pipeline.
--- a/src/Core/GlobalSettings.cs
+++ b/src/Core/GlobalSettings.cs
@ -5,6 +5,7 @@ namespace Bit.Core
    public class GlobalSettings
    {
        public bool SelfHosted { get; set; }
+        public virtual string KnownProxies { get; set; }
        public virtual string SiteName { get; set; }
        public virtual string StripeApiKey { get; set; }
        public virtual string ProjectName { get; set; }
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@ -27,6 +27,8 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
 using IdentityServer4.AccessTokenValidation;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.HttpOverrides;
+using System.Linq;

 namespace Bit.Core.Utilities
 {
@ -390,5 +392,29 @@ namespace Bit.Core.Utilities
                await next.Invoke();
            });
        }
+
+        public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
+        {
+            var options = new ForwardedHeadersOptions
+            {
+                ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
+            };
+            if(!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
+            {
+                var proxies = globalSettings.KnownProxies.Split(',');
+                foreach(var proxy in proxies)
+                {
+                    if(System.Net.IPAddress.TryParse(proxy, out var ip))
+                    {
+                        options.KnownProxies.Add(ip);
+                    }
+                }
+            }
+            if(options.KnownProxies.Count > 1)
+            {
+                options.ForwardLimit = null;
+            }
+            app.UseForwardedHeaders(options);
+        }
    }
 }
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@ -97,6 +97,10 @@ namespace Bit.Identity
                // Rate limiting
                app.UseMiddleware<CustomIpRateLimitMiddleware>();
            }
+            else
+            {
+                app.UseForwardedHeaders(globalSettings);
+            }

            // Add current context
            app.UseMiddleware<CurrentContextMiddleware>();