azukaar / Cosmos-Server

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
https://cosmos-cloud.io

Added TrustedProxies parameter #339

Open InterN0te opened 1 month ago

InterN0te commented 1 month ago

Added TrustedProxies parameter in settings:

For requests from these IPs, the shield will use the IP in X-Forwarded-For (if defined) to identify the client to block and thus avoid blocking the proxy server IP.

InterN0te commented 1 month ago

Added the real client IP as ClientID in Context and used this for IP abuse count/block/ban:

func ClientRealIP(next http.Handler)

```go
func ClientRealIP(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clientID := GetClientIP(r)
		if clientID == "" {
			http.Error(w, "Invalid request", http.StatusBadRequest)
			return
		}
		ctx := context.WithValue(r.Context(), "ClientID", clientID)
		r = r.WithContext(ctx)
		next.ServeHTTP(w, r)
	})
}
```

Use Real Client IP

```go
func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			ip, ok := r.Context().Value("ClientID").(string)
			if !ok {
				http.Error(w, "Invalid request", http.StatusBadRequest)
				return
			}
			[...]
}
```

(103.X.X.135 is my trusted proxy that can no longer be blocked)
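
One way to resolve the client IP along the lines the comments above describe, as an added example that is not the PR's `GetClientIP` or any Cosmos-Server code. It goes one step beyond the description by reading X-Forwarded-For right to left, so entries a client supplies itself are never used. The names `resolveClientIP`, `isTrusted` and `sampleTrusted` and all addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample: one trusted reverse proxy (documentation address range).
var sampleTrusted = []netip.Prefix{netip.MustParsePrefix("192.0.2.10/32")}

func isTrusted(ip netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// resolveClientIP (hypothetical name) picks the address to count abuse against.
// remoteAddr is r.RemoteAddr ("ip:port"); xff is the X-Forwarded-For header value.
func resolveClientIP(remoteAddr, xff string, trusted []netip.Prefix) (string, error) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return "", fmt.Errorf("invalid peer address %q: %w", remoteAddr, err)
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer, trusted) {
		return peer.String(), nil // header from an untrusted peer is ignored
	}
	// Walk right to left: hops added by trusted proxies are skipped and the
	// first untrusted address is the client; entries left of it are never read.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // empty or malformed header: fall back to the peer
		}
		if ip = ip.Unmap(); !isTrusted(ip, trusted) {
			return ip.String(), nil
		}
	}
	return peer.String(), nil
}

func main() {
	fmt.Println(resolveClientIP("192.0.2.10:443", "203.0.113.99, 198.51.100.7", sampleTrusted))
}
```

When the header is missing or every hop is itself trusted, the peer address is returned, so abuse counting still has a key to work with.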