SURFscz / SRAM-generic

Generic SRAM issues

Unvalidated http-->https redirect #21

Closed baszoetekouw closed 2 weeks ago

baszoetekouw commented 8 months ago

The guacamole host (pilot1) does unvalidated http-->https redirects (in other words: it kindly redirects you to whatever host you put in your HTTP Host header, even if it does not serve that host itself):

╰─▶ telnet pilot1.sram.surf.nl 80
Trying 145.101.114.5...
Connected to pilot1.sram.surf.nl.
Escape character is '^]'.
GET / HTTP/1.1
Host: evilserver.com

HTTP/1.1 301 Moved Permanently
Location: https://evilserver.com/
Date: Fri, 12 Jan 2024 15:36:51 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8

Moved Permanently

HarryKodden commented 8 months ago

Issue confirmed

curl --request GET \
  --url http://proxy.pilot1.sram.surf.nl/ping \
  --header 'host: evilserver.com'

Adjust Traefik config

old:

  - "traefik.http.routers.httpCatchall.rule=HostRegexp(`{any:.+}`)"

new:

  - "traefik.http.routers.httpCatchall.rule=HostRegexp(`{any:.+}.pilot1.sram.surf.nl`)"
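The redirect behaviour reported above and the effect of the rule change, as an added example that is not code from the SRAM project or from either commenter. It models the Traefik v2 HostRegexp syntax (`{name:regex}` variables, everything else matched literally and anchored, as gorilla/mux does) just far enough to show why the old catch-all rule emits a 301 to any Host header and the new rule does not. Hostnames and paths are the ones from the issue; the `canonical_host` step (lowercase, strip `:port` and trailing dot) is an assumption about how the proxy normalises the Host header, not something verified against Traefik.

```python
"""Host-header-based HTTPS redirect: catch-all rule vs. host-restricted rule.

Added example, not SRAM project code. It approximates how a Traefik v2
HostRegexp router decides whether a request is routed (and thus redirected)
at all; the host canonicalisation below is an assumption, not Traefik's
verified behaviour.
"""
import re
from typing import Optional

# Rules copied from the issue: catch-all (old) and restricted (new).
OLD_RULE = "{any:.+}"
NEW_RULE = "{any:.+}.pilot1.sram.surf.nl"

# A `{name}` or `{name:regex}` variable inside a HostRegexp pattern.
_VAR = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]+))?\}")


def host_regexp_to_python(rule: str) -> "re.Pattern[str]":
    """Translate a HostRegexp pattern into an anchored Python regex.

    Variable parts keep their regex (default `[^.]+`, one DNS label); the
    literal parts are escaped, so '.' in the domain name matches a literal
    dot and the whole pattern is anchored at both ends.
    """
    parts = []
    pos = 0
    for m in _VAR.finditer(rule):
        parts.append(re.escape(rule[pos:m.start()]))
        name, pattern = m.group(1), m.group(2) or "[^.]+"
        parts.append(f"(?P<{name}>{pattern})")
        pos = m.end()
    parts.append(re.escape(rule[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def canonical_host(host_header: str) -> str:
    """Assumed canonicalisation: lowercase, strip ':port' and a trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal, [addr]:port
        host = host.split("]", 1)[0] + "]"
    elif host.count(":") == 1:                # name:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def redirect_location(rule: str, host_header: str, path: str = "/") -> Optional[str]:
    """Return the 301 Location the HTTP router would emit, or None.

    A Host header that does not match `rule` never reaches the redirect
    middleware: no router matches, so nothing is echoed back as Location.
    """
    host = canonical_host(host_header)
    if not host_regexp_to_python(rule).match(host):
        return None
    return f"https://{host}{path}"


def demo() -> dict:
    """Replay the requests from the issue against both rules."""
    return {
        # the telnet/curl reproduction: attacker-chosen Host is echoed back
        "old/evil": redirect_location(OLD_RULE, "evilserver.com"),
        # same request after the fix: no router matches, so no redirect
        "new/evil": redirect_location(NEW_RULE, "evilserver.com"),
        # a legitimate subdomain is still redirected, path preserved
        "new/proxy": redirect_location(NEW_RULE, "proxy.pilot1.sram.surf.nl", "/ping"),
        # anchoring matters: a look-alike suffix does not match
        "new/lookalike": redirect_location(NEW_RULE, "pilot1.sram.surf.nl.evilserver.com"),
        # the new rule requires a subdomain, so the apex host itself is not matched
        "new/apex": redirect_location(NEW_RULE, "pilot1.sram.surf.nl"),
        # a port suffix in Host is stripped before matching (assumed)
        "new/port": redirect_location(NEW_RULE, "Proxy.pilot1.sram.surf.nl:80"),
    }


if __name__ == "__main__":
    for name, location in demo().items():
        print(f"{name:15} -> {location}")
```

Two things the replay makes visible that the one-line config diff does not: the dots in the literal part of the rule are matched literally, so `pilot1.sram.surf.nl.evilserver.com` is rejected, and `{any:.+}.pilot1.sram.surf.nl` only matches hosts that have a label in front of the domain, so a request with `Host: pilot1.sram.surf.nl` no longer gets the redirect either; whether that is intended is worth checking against the hosts the proxy actually serves.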