admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HTTP proxy authentication fixes (#300)

Browse Source 
- Only accepts HTTP 1.x protocols
- Only checks the credentials when the method is `CONNECT` or the request URL is absolute
- More logging on authorization failures
- Removes the authorization headers before forwarding the HTTP(s) requests
- Refers to #298
This commit is contained in:
Quentin McGaw
2020-12-01 22:29:31 -05:00
committed by GitHub
parent fb62910b17
commit 84944a87d3
3 changed files with 41 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/httpproxy/handler.go
View File

@@ -34,10 +34,15 @@ type handler struct {
}
func (h *handler) ServeHTTP(responseWriter http.ResponseWriter, request *http.Request) {
if len(h.username) > 0 && !isAuthorized(responseWriter, request, h.username, h.password) {
h.logger.Info("%s unauthorized", request.RemoteAddr)
if !h.isAccepted(responseWriter, request) {
return
}
if !h.isAuthorized(responseWriter, request) {
return
}
request.Header.Del("Proxy-Connection")
request.Header.Del("Proxy-Authenticate")
request.Header.Del("Proxy-Authorization")
switch request.Method {
case http.MethodConnect:
h.handleHTTPS(responseWriter, request)