mirror of
https://github.com/bolkedebruin/rdpgw.git
synced 2026-05-14 20:29:59 +00:00
EnrichContext used to copy the first X-Forwarded-For entry into the request identity unconditionally. The resulting AttrClientIp drives client-IP comparisons later in the gateway-access flow, and a direct caller could set XFF to anything they liked. Add a small package-level allow-list:

* InitTrustedProxies(cidrs) parses operator-supplied CIDRs once at startup. A bad CIDR is fatal, an empty list disables XFF entirely.
* EnrichContext takes the client IP from r.RemoteAddr (host portion) and only swaps in the first X-Forwarded-For entry when r.RemoteAddr itself sits in a trusted-proxy CIDR. AttrProxies is set from the remaining XFF entries on the same condition.

Wire Server.TrustedProxies through configuration.go to web.
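The RemoteAddr / X-Forwarded-For rule described in the commit message above, as an added example that is not rdpgw's own code: `InitTrustedProxies` and `ResolveClientIP` are hypothetical stand-ins for the package-level allow-list and the EnrichContext logic, the returned pair stands in for AttrClientIp and AttrProxies, and any request values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Operator-supplied Server.TrustedProxies; empty means XFF is never consulted.
var trustedProxies []netip.Prefix
// InitTrustedProxies parses the CIDRs once at startup. A bad CIDR is an error
// (fatal in the gateway); a nil or empty list disables X-Forwarded-For.
func InitTrustedProxies(cidrs []string) error {
	trustedProxies = nil
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(strings.TrimSpace(c))
		if err != nil {
			return fmt.Errorf("trusted proxy %q: %w", c, err)
		}
		trustedProxies = append(trustedProxies, p)
	}
	return nil
}
func isTrustedProxy(ip netip.Addr) bool {
	for _, p := range trustedProxies {
		if p.Contains(ip.Unmap()) { // Unmap: ::ffff:a.b.c.d peers match v4 CIDRs
			return true
		}
	}
	return false
}
// ResolveClientIP returns (AttrClientIp, AttrProxies): the RemoteAddr host,
// replaced by the first XFF hop only when that peer is a trusted proxy.
func ResolveClientIP(r *http.Request) (string, []string) {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr, nil // not host:port; nothing to trust
	}
	host := ap.Addr().String()
	if !isTrustedProxy(ap.Addr()) {
		return host, nil // untrusted peer: XFF is ignored entirely
	}
	sep := func(c rune) bool { return c == ',' || c == ' ' }
	if hops := strings.FieldsFunc(r.Header.Get("X-Forwarded-For"), sep); len(hops) > 0 {
		return hops[0], hops[1:] // first hop is the client, the rest are proxies
	}
	return host, nil
}
```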
1.4 KiB
Changelog
All user-visible changes to rdpgw will be documented in this file.
The format is based on Keep a Changelog, and the project adheres to Semantic Versioning.
[Unreleased]
Changed
- `X-Forwarded-For` is now honored only when the request arrives from a `Server.TrustedProxies` CIDR. The default `Server.TrustedProxies` is empty, so by default the request's `RemoteAddr` (host portion) is the source of `AttrClientIp`. See UPGRADING.md if your deployment relies on a fronting proxy stamping XFF.
- `server.hostselection: any` now refuses destinations that resolve to loopback, RFC1918, link-local, IPv6 ULA, unspecified, or multicast addresses, and only forwards to ports in `Server.AllowedDestinationPorts` (default `[3389]`). Operators that need the old behavior can opt back in with `Server.AllowPrivateDestinations: true` and an extended port list. See UPGRADING.md for migration notes. The other host-selection modes (`roundrobin`, `signed`, `unsigned`) already used the operator-curated `Server.Hosts` list and are unaffected.
Added
- `Server.TrustedProxies` (`[]string`, CIDR, default empty).
- `Server.AllowedDestinationPorts` (`[]int`, default `[3389]`).
- `Server.AllowPrivateDestinations` (bool, default `false`).