move ipfilter to router config

ziv-codefresh 2022-09-25 12:38:38 +03:00
parent 2e6e38cab2
commit 9cca1613a5
4 changed files with 51 additions and 24 deletions


@ -1,9 +1,15 @@
[common] [common]
server_addr = 127.0.0.1 server_addr = tunnel.io
server_port = 7000 server_port = 7005
;protocol = websocket
log_level = debug
[ssh] [web]
type = tcp type = tcp
local_ip = 127.0.0.1 local_port = 3002
local_port = 22 remote_port = 84
remote_port = 6000 meta_Authorization = {{ .Envs.AUTHORIZATION }}
subdomain = ziv
ips_allow_list = "127.0.1.1/16,192.198.100.10"
;http_user = abc
;http_pwd = abc
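Review bot: The example `ips_allow_list = "127.0.1.1/16,192.198.100.10"` on the new side is looser than it reads. `127.0.1.1/16` has host bits set, so if the entries are parsed the way Go's `net.ParseCIDR` does, it matches the whole of 127.0.0.0/16. `192.198.100.10` is a publicly routable address, not one from 192.168.0.0/16, which may be a typo. Since sample configs get copied, a normalised value such as `ips_allow_list = "127.0.0.0/16,192.168.100.10"` would be safer, assuming a private address was meant. How the loader strips the surrounding quotes and splits the list is not visible on this page and should be confirmed.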


@ -1,2 +1,15 @@
[common] [common]
bind_port = 7000 bind_port = 7005
vhost_http_port=82
subdomain_host=tunnel.io
log_level = trace
;[plugin.codefresh]
;addr = 127.0.0.1:7200
;path = /newProxy
;ops = NewProxy
;[plugin.codefresh]
;addr = 127.0.0.1:7200
;path = /newWorkConn
;ops = Ping


@ -20,7 +20,6 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
"github.com/jpillora/ipfilter"
"log" "log"
"net" "net"
"net/http" "net/http"
@ -190,14 +189,8 @@ func (rp *HTTPReverseProxy) CheckRemoteAddress(domain, location, routeByHTTPUser
remoteAddWithoutPort := strings.Split(remoteAdd, ":")[0] remoteAddWithoutPort := strings.Split(remoteAdd, ":")[0]
vr, ok := rp.getVhost(domain, location, routeByHTTPUser) vr, ok := rp.getVhost(domain, location, routeByHTTPUser)
if ok { if ok {
ipsAllowList := vr.payload.(*RouteConfig).IpsAllowList if vr.ipValidator != nil {
if ipsAllowList != nil { return vr.ipValidator.Allowed(remoteAddWithoutPort)
// perhaps it's better to configure it once and check the remote address here
f := ipfilter.New(ipfilter.Options{
AllowedIPs: vr.payload.(*RouteConfig).IpsAllowList,
BlockByDefault: true,
})
return f.Allowed(remoteAddWithoutPort)
} }
} }
return true return true
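Review bot: The address passed to `vr.ipValidator.Allowed` comes from `strings.Split(remoteAdd, ":")[0]`, which is only correct for an IPv4 `host:port` pair. For an IPv6 peer such as `[2001:db8::1]:443` it yields `[2001`, so the allow-list is never matched against a parseable address. `net` is already imported in this file, so `host, _, err := net.SplitHostPort(remoteAdd)` would give the exact host, with a parse error treated as not allowed when a validator is configured. The function also still ends in `return true` when `getVhost` finds no route, and that open default deserves a comment if it is intended. CheckRemoteAddress starts above this hunk, so where `remoteAdd` comes from is not visible here.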


@ -2,9 +2,13 @@ package vhost
import ( import (
"errors" "errors"
"fmt"
"sort" "sort"
"strings" "strings"
"sync" "sync"
"unsafe"
"github.com/jpillora/ipfilter"
) )
var ( var (
@ -20,9 +24,10 @@ type Routers struct {
} }
type Router struct { type Router struct {
domain string domain string
location string location string
httpUser string httpUser string
ipValidator *ipfilter.IPFilter
// store any object here // store any object here
payload interface{} payload interface{}
@ -51,12 +56,22 @@ func (r *Routers) Add(domain, location, httpUser string, payload interface{}) er
vrs = make([]*Router, 0, 1) vrs = make([]*Router, 0, 1)
} }
vr := &Router{ var ipValidator *ipfilter.IPFilter
domain: domain, if payload.(*RouteConfig).IpsAllowList != nil {
location: location, ipValidator = ipfilter.New(ipfilter.Options{
httpUser: httpUser, AllowedIPs: payload.(*RouteConfig).IpsAllowList,
payload: payload, BlockByDefault: true,
})
} }
vr := &Router{
domain: domain,
location: location,
httpUser: httpUser,
ipValidator: ipValidator,
payload: payload,
}
fmt.Printf("Size of %T struct: %d bytes", vr, unsafe.Sizeof(*vr))
vrs = append(vrs, vr) vrs = append(vrs, vr)
sort.Sort(sort.Reverse(ByLocation(vrs))) sort.Sort(sort.Reverse(ByLocation(vrs)))
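Review bot: The two new `payload.(*RouteConfig)` assertions in Add are unchecked, although the Router field is documented as `// store any object here`. A caller that passes nil or any other payload type will therefore panic while registering a route. `rc, ok := payload.(*RouteConfig)` followed by `if ok && rc != nil && rc.IpsAllowList != nil {` avoids that. The added `fmt.Printf("Size of %T struct: %d bytes", vr, unsafe.Sizeof(*vr))` looks like leftover debugging: it writes to stdout on every Add and appears to be the only reason `fmt` and `unsafe` were imported, so I would drop it with both imports. A non-nil but empty IpsAllowList combined with `BlockByDefault: true` yields a validator that rejects every client, which is worth a comment if intended. Add starts and ends outside this hunk.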