From 3d9330ba946ee98e5eb6a0a86354dfc6d965c87f Mon Sep 17 00:00:00 2001
From: ardiprasetiyo
Date: Sun, 31 Oct 2021 21:47:12 +0700
Subject: [PATCH 1/2] fix: prevent request to proxy url/port
---
 lib/requestHandler.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/requestHandler.js b/lib/requestHandler.js
index 6a6c6c034..12f85faba 100644
--- a/lib/requestHandler.js
+++ b/lib/requestHandler.js
@@ -295,6 +295,13 @@ function getUserReqHandler(userRule, recorder) {
 // construct the original headers as the reqheaders
 req.headers = util.getHeaderFromRawHeaders(req.rawHeaders);
+ // refer to https://github.com/alibaba/anyproxy/issues/555
+ // prevent request to proxy port
+ const selfIpAddresses = util.getAllIpAddress()
+ selfIpAddresses.push('localhost')
+ const isSelfIpAddress = selfIpAddresses.find((ip) => host.indexOf(ip) === 0)
+ if (isSelfIpAddress) return userRes.writeHead(405).end()
+
 logUtil.printLog(color.green(`received request to: ${req.method} ${host}${path}`));
 /**
From bf2c0c09580608429948abb72a588c22a7dd8ca1 Mon Sep 17 00:00:00 2001
From: ardiprasetiyo
Date: Mon, 1 Nov 2021 10:18:52 +0700
Subject: [PATCH 2/2] fix: add port and request method validation
---
 lib/requestHandler.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/requestHandler.js b/lib/requestHandler.js
index 12f85faba..062553ba4 100644
--- a/lib/requestHandler.js
+++ b/lib/requestHandler.js
@@ -299,7 +299,8 @@ function getUserReqHandler(userRule, recorder) {
 // prevent request to proxy port
 const selfIpAddresses = util.getAllIpAddress()
 selfIpAddresses.push('localhost')
- const isSelfIpAddress = selfIpAddresses.find((ip) => host.indexOf(ip) === 0)
+
+ const isSelfIpAddress = selfIpAddresses.find((ip) => host === `${ip}:${reqHandlerCtx.httpServerPort}` && req.method !== 'CONNECT')
 if (isSelfIpAddress) return userRes.writeHead(405).end()
 logUtil.printLog(color.green(`received request to: ${req.method} ${host}${path}`));
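Review bot: The early return on the added `if (isSelfIpAddress) return userRes.writeHead(405).end()` line sits above the `received request to:` log call, so a request rejected by this guard leaves no log entry at all. Because the guard exists to stop requests aimed at the proxy itself, a line such as `logUtil.printLog('rejected request to proxy itself: ' + req.method + ' ' + host);` before the return would let an operator see when it fires. `selfIpAddresses.push('localhost')` also mutates the array returned by `util.getAllIpAddress()`; that helper is not visible here, so if it hands back a shared or cached array, building a copy with `const selfIpAddresses = [...util.getAllIpAddress(), 'localhost'];` avoids growing it on every request. The body of getUserReqHandler starts and ends outside the hunk.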
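Review bot: The new comparison inside the `find` callback is an exact, case-sensitive string match, so it only recognises a destination written precisely as one of the listed addresses followed by `:` and the port. `host` is assigned outside the hunk; if it is the client-supplied Host value, equivalent spellings of the same listener (different letter case, a trailing dot, a bracketed IPv6 literal, an omitted default port, or a name that merely resolves to a local address) would not match and the request would still be forwarded back to the proxy. Normalising before comparing narrows this, for example `const target = String(host).toLowerCase();` followed by `selfIpAddresses.some((ip) => target === ip + ':' + reqHandlerCtx.httpServerPort)`; the resolved-name case can only be closed by checking the address actually connected to. The `req.method !== 'CONNECT'` test does not depend on `ip` and would read more clearly hoisted out of the callback into the `if`.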