package server
import (
"net/http"
"os"
"github.com/containous/traefik/log"
"github.com/containous/traefik/whitelist"
"github.com/vulcand/oxy/forward"
)
// NewHeaderRewriter returns a forward.ReqRewriter that chooses, per request,
// between a rewriter that trusts the forwarding headers already present on the
// request and one that does not.
//
// trustedIPs and insecure are passed to whitelist.NewIP, and an error from it
// is returned as is. With insecure set, Rewrite skips the source check and
// always uses the trusting rewriter, so incoming forwarding headers are
// accepted from every client.
func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {
	// NOTE(review): the third argument is a bare `true`; its meaning is defined
	// in the whitelist package and is not visible here. If it makes the checker
	// derive the client address from a request header rather than from the
	// connection's peer address, the decision to trust forwarding headers would
	// rest on client-supplied data. Confirm against whitelist.NewIP.
	checker, err := whitelist.NewIP(trustedIPs, insecure, true)
	if err != nil {
		return nil, err
	}

	// A failed hostname lookup is not fatal; both rewriters then carry
	// "localhost" as their Hostname.
	host, hostErr := os.Hostname()
	if hostErr != nil {
		host = "localhost"
	}

	untrusting := &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: host}
	trusting := &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: host}

	return &headerRewriter{
		secureRewriter:   untrusting,
		insecureRewriter: trusting,
		ips:              checker,
		insecure:         insecure,
	}, nil
}
// headerRewriter dispatches each request to one of two rewriters depending on
// whether the request's source is trusted. The field names describe the trust
// decision, not the result: "insecure" means forwarding headers are trusted.
type headerRewriter struct {
	// secureRewriter is used for requests that fail the ips check.
	// NewHeaderRewriter builds it with TrustForwardHeader: false.
	secureRewriter forward.ReqRewriter

	// insecureRewriter is used for requests that pass the ips check, and for
	// every request when insecure is set. NewHeaderRewriter builds it with
	// TrustForwardHeader: true.
	insecureRewriter forward.ReqRewriter

	// insecure, when true, makes Rewrite skip the ips check entirely.
	insecure bool

	// ips is the checker consulted by Rewrite through IsAuthorized.
	ips *whitelist.IP
}
// Rewrite applies exactly one of the two configured rewriters to req.
//
// insecureRewriter (built by NewHeaderRewriter with TrustForwardHeader: true)
// is used when h.insecure is set or when h.ips.IsAuthorized accepts the
// request. Otherwise the authorization error is logged at debug level and
// secureRewriter (TrustForwardHeader: false) is used instead.
func (h *headerRewriter) Rewrite(req *http.Request) {
	// Start from the trusting rewriter and downgrade only when the source
	// check runs and rejects the request.
	chosen := h.insecureRewriter

	if !h.insecure {
		// NOTE(review): the whole request is passed to IsAuthorized, so which
		// address it compares against the trusted list is decided inside the
		// whitelist package. Verify that it cannot be set by the client.
		if authErr := h.ips.IsAuthorized(req); authErr != nil {
			log.Debug(authErr)
			chosen = h.secureRewriter
		}
	}

	chosen.Rewrite(req)
}