Commit 7c02a325 authored by Dietmar Maurer's avatar Dietmar Maurer

try to detect proxy loops

parent ec574446
...@@ -469,6 +469,11 @@ sub handle_api2_request { ...@@ -469,6 +469,11 @@ sub handle_api2_request {
return; return;
} }
if ($r->header('PVEDisableProxy')) {
$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy loop detected");
return;
}
$res->{proxy_params}->{tmpfilename} = $reqstate->{tmpfilename} if $upload_state; $res->{proxy_params}->{tmpfilename} = $reqstate->{tmpfilename} if $upload_state;
$self->proxy_request($reqstate, $clientip, $res->{proxy}, $method, $self->proxy_request($reqstate, $clientip, $res->{proxy}, $method,
...@@ -498,6 +503,9 @@ sub handle_spice_proxy_request { ...@@ -498,6 +503,9 @@ sub handle_spice_proxy_request {
my $rpcenv = $self->{rpcenv}; my $rpcenv = $self->{rpcenv};
$rpcenv->init_request(); $rpcenv->init_request();
my $clientip = $reqstate->{peer_host};
my $r = $reqstate->{request};
my $remip; my $remip;
if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
...@@ -508,6 +516,11 @@ sub handle_spice_proxy_request { ...@@ -508,6 +516,11 @@ sub handle_spice_proxy_request {
print "$$: CONNECT $vmid, $node, $spiceport\n" if $self->{debug}; print "$$: CONNECT $vmid, $node, $spiceport\n" if $self->{debug};
} }
if ($r->header('PVEDisableProxy')) {
$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy loop detected");
return;
}
$reqstate->{hdl}->timeout(0); $reqstate->{hdl}->timeout(0);
$reqstate->{hdl}->wbuf_max(64*10*1024); $reqstate->{hdl}->wbuf_max(64*10*1024);
...@@ -584,7 +597,10 @@ sub handle_spice_proxy_request { ...@@ -584,7 +597,10 @@ sub handle_spice_proxy_request {
"Host: ${connect_str}\015\012" . "Host: ${connect_str}\015\012" .
"Proxy-Connection: keep-alive\015\012" . "Proxy-Connection: keep-alive\015\012" .
"User-Agent: spiceproxy\015\012" . "User-Agent: spiceproxy\015\012" .
"PVEDisableProxy: true\015\012" .
"PVEClientIP: $clientip\015\012" .
"\015\012"; "\015\012";
$reqstate->{proxyhdl}->push_write($header); $reqstate->{proxyhdl}->push_write($header);
$reqstate->{proxyhdl}->push_read(line => sub { $reqstate->{proxyhdl}->push_read(line => sub {
my ($hdl, $line) = @_; my ($hdl, $line) = @_;
......
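Review bot: The loop check added in handle_spice_proxy_request comes after the node-selection block closes and does not test `$remip`, so it rejects every request carrying PVEDisableProxy, including the forwarded one the target node should serve locally. Because this commit also makes the forwarding node send `PVEDisableProxy: true` on its CONNECT, the second hop would, as far as the visible lines show, always answer "proxy loop detected". Restricting the check to the forwarding case avoids that: `if ($remip && $r->header('PVEDisableProxy')) {`. The matching check in handle_api2_request appears to sit inside the proxy branch already, though both function bodies start and end outside the hunks shown. Separately, the new `PVEClientIP` header is only trustworthy if the receiving node accepts it from cluster peers alone and ignores it from ordinary clients; that handling is not visible on this page.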