Allow whitelisting and blacklisting of http/http2

2017-04-10 13:49:39 +02:00 · 2017-04-10 13:49:39 +02:00 · b31d0e9c8a
commit b31d0e9c8a
parent ff2635678a
1 changed files with 14 additions and 3 deletions
--- a/http.go
+++ b/http.go
@ -5,14 +5,15 @@ import (
 	"crypto/tls"
 	"encoding/base64"
 	"errors"
-	"github.com/ginuerzh/pht"
-	"github.com/golang/glog"
-	"golang.org/x/net/http2"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"time"
+
+	"github.com/ginuerzh/pht"
+	"github.com/golang/glog"
+	"golang.org/x/net/http2"
 )

 type HttpServer struct {
@ -75,6 +76,11 @@ func (s *HttpServer) HandleRequest(req *http.Request) {
 		return
 	}

+	if !s.Base.Node.Can("tcp", req.Host) {
+		glog.Errorf("Unauthorized to tcp connect to %s", req.Host)
+		return
+	}
+
 	c, err := s.Base.Chain.Dial(req.Host)
 	if err != nil {
 		glog.V(LWARNING).Infof("[http] %s -> %s : %s", s.conn.RemoteAddr(), req.Host, err)
@ -184,6 +190,11 @@ func (s *Http2Server) HandleRequest(w http.ResponseWriter, req *http.Request) {

 	w.Header().Set("Proxy-Agent", "gost/"+Version)

+	if !s.Base.Node.Can("tcp", target) {
+		glog.Errorf("Unauthorized to tcp connect to %s", target)
+		return
+	}
+
 	// HTTP2 as transport
 	if req.Header.Get("Proxy-Switch") == "gost" {
 		conn, err := s.Upgrade(w, req)