fix HTTP Host header
This commit is contained in:
ginuerzh
parent
49f2ee612a
commit
2e5601bfd6
2
auth.go
2
auth.go
@ -56,7 +56,7 @@ func (au *LocalAuthenticator) Add(k, v string) {
|
|||||||
au.kvs[k] = v
|
au.kvs[k] = v
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reload parses config from r, then live reloads the bypass.
|
// Reload parses config from r, then live reloads the Authenticator.
|
||||||
func (au *LocalAuthenticator) Reload(r io.Reader) error {
|
func (au *LocalAuthenticator) Reload(r io.Reader) error {
|
||||||
var period time.Duration
|
var period time.Duration
|
||||||
kvs := make(map[string]string)
|
kvs := make(map[string]string)
|
||||||
|
|||||||
@ -45,12 +45,10 @@ var (
|
|||||||
|
|
||||||
// Load the certificate from cert and key files, will use the default certificate if the provided info are invalid.
|
// Load the certificate from cert and key files, will use the default certificate if the provided info are invalid.
|
||||||
func tlsConfig(certFile, keyFile string) (*tls.Config, error) {
|
func tlsConfig(certFile, keyFile string) (*tls.Config, error) {
|
||||||
if certFile == "" {
|
if certFile == "" || keyFile == "" {
|
||||||
certFile = defaultCertFile
|
certFile, keyFile = defaultCertFile, defaultKeyFile
|
||||||
}
|
|
||||||
if keyFile == "" {
|
|
||||||
keyFile = defaultKeyFile
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|||||||
@ -5,10 +5,11 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
|
||||||
// _ "net/http/pprof"
|
_ "net/http/pprof"
|
||||||
|
|
||||||
"github.com/ginuerzh/gost"
|
"github.com/ginuerzh/gost"
|
||||||
"github.com/go-log/log"
|
"github.com/go-log/log"
|
||||||
@ -53,9 +54,11 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
// go func() {
|
if os.Getenv("PROFILING") != "" {
|
||||||
// log.Log(http.ListenAndServe("localhost:6060", nil))
|
go func() {
|
||||||
// }()
|
log.Log(http.ListenAndServe("127.0.0.1:16060", nil))
|
||||||
|
}()
|
||||||
|
}
|
||||||
|
|
||||||
// NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate.
|
// NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate.
|
||||||
tlsConfig, err := tlsConfig(defaultCertFile, defaultKeyFile)
|
tlsConfig, err := tlsConfig(defaultCertFile, defaultKeyFile)
|
||||||
|
|||||||
7
http.go
7
http.go
@ -128,14 +128,14 @@ func (h *httpHandler) handleRequest(conn net.Conn, req *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
host := req.Host
|
|
||||||
// try to get the actual host.
|
// try to get the actual host.
|
||||||
if v := req.Header.Get("Gost-Target"); v != "" {
|
if v := req.Header.Get("Gost-Target"); v != "" {
|
||||||
if h, err := decodeServerName(v); err == nil {
|
if h, err := decodeServerName(v); err == nil {
|
||||||
host = h
|
req.Host = h
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
host := req.Host
|
||||||
if _, port, _ := net.SplitHostPort(host); port == "" {
|
if _, port, _ := net.SplitHostPort(host); port == "" {
|
||||||
host = net.JoinHostPort(host, "80")
|
host = net.JoinHostPort(host, "80")
|
||||||
}
|
}
|
||||||
@ -152,7 +152,6 @@ func (h *httpHandler) handleRequest(conn net.Conn, req *http.Request) {
|
|||||||
log.Logf("[http] %s -> %s\n%s", conn.RemoteAddr(), conn.LocalAddr(), string(dump))
|
log.Logf("[http] %s -> %s\n%s", conn.RemoteAddr(), conn.LocalAddr(), string(dump))
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Host = host
|
|
||||||
req.Header.Del("Gost-Target")
|
req.Header.Del("Gost-Target")
|
||||||
|
|
||||||
resp := &http.Response{
|
resp := &http.Response{
|
||||||
@ -305,6 +304,8 @@ func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http.
|
|||||||
|
|
||||||
// probing resistance is enabled
|
// probing resistance is enabled
|
||||||
if ss := strings.SplitN(h.options.ProbeResist, ":", 2); len(ss) == 2 {
|
if ss := strings.SplitN(h.options.ProbeResist, ":", 2); len(ss) == 2 {
|
||||||
|
resp.StatusCode = http.StatusServiceUnavailable // default status code
|
||||||
|
|
||||||
switch ss[0] {
|
switch ss[0] {
|
||||||
case "code":
|
case "code":
|
||||||
resp.StatusCode, _ = strconv.Atoi(ss[1])
|
resp.StatusCode, _ = strconv.Atoi(ss[1])
|
||||||
|
|||||||
4
http2.go
4
http2.go
@ -463,6 +463,9 @@ func (h *http2Handler) authenticate(w http.ResponseWriter, r *http.Request, resp
|
|||||||
|
|
||||||
// probing resistance is enabled
|
// probing resistance is enabled
|
||||||
if ss := strings.SplitN(h.options.ProbeResist, ":", 2); len(ss) == 2 {
|
if ss := strings.SplitN(h.options.ProbeResist, ":", 2); len(ss) == 2 {
|
||||||
|
resp.StatusCode = http.StatusServiceUnavailable // default status code
|
||||||
|
w.Header().Del("Proxy-Agent")
|
||||||
|
|
||||||
switch ss[0] {
|
switch ss[0] {
|
||||||
case "code":
|
case "code":
|
||||||
resp.StatusCode, _ = strconv.Atoi(ss[1])
|
resp.StatusCode, _ = strconv.Atoi(ss[1])
|
||||||
@ -502,7 +505,6 @@ func (h *http2Handler) authenticate(w http.ResponseWriter, r *http.Request, resp
|
|||||||
resp.StatusCode = http.StatusProxyAuthRequired
|
resp.StatusCode = http.StatusProxyAuthRequired
|
||||||
resp.Header.Add("Proxy-Authenticate", "Basic realm=\"gost\"")
|
resp.Header.Add("Proxy-Authenticate", "Basic realm=\"gost\"")
|
||||||
} else {
|
} else {
|
||||||
w.Header().Del("Proxy-Agent")
|
|
||||||
resp.Header = http.Header{}
|
resp.Header = http.Header{}
|
||||||
resp.Header.Set("Server", "nginx/1.14.1")
|
resp.Header.Set("Server", "nginx/1.14.1")
|
||||||
resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
|
resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user