Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(web): add trusted proxies feature #3524

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat(web): add trusted proxies feature #3524

wants to merge 2 commits into from

Conversation

joelwurtz
Copy link
Contributor

@joelwurtz joelwurtz commented Dec 10, 2024
edited by robjtede
Loading

PR Type

Feature

PR Checklist

  • Tests for the changes have been added / updated.
  • Documentation comments have been added / updated.
  • A changelog entry has been made for the appropriate packages.
  • Format code with the latest stable rustfmt.
  • (Team) Label with affected crates and semver status.

Overview

This PR aims to add the possibility for end user to correctly trust information from the ConnectInfo object : host, scheme and real ip of end user.

Actually everything is trusted which can be a security risk if some endpoint need to check the ip of end user as someone may forge a request with a Forwarded or X-Forwarded-* headers and then expose sensitive data to this person.

Even if the doc clearly state that it can be a security risk trusting this, you have to implement this logic by yourself, i do believe proposing a correct implementation for trusting ip and other headers has its place under actix also this enforce better security by default.

Current default will trust

  • IpV4 loopback address
  • IpV4 private networks
  • IpV6 loopback address
  • IpV6 private networks
  • Forwarded header

Which means that if this is merged other headers will not be trusted anymore, i'm wondering if this should be considered as a BC break then (since user may not have the same information as before given their network / proxy configuration in front of their actix web server)

@joelwurtz joelwurtz force-pushed the feat/trusted-proxies branch from 297d025 to f4476fb Compare December 10, 2024 11:09
@joelwurtz joelwurtz mentioned this pull request Dec 10, 2024
Open
5 tasks
@robjtede
Copy link
Member

robjtede commented Dec 10, 2024
edited
Loading

I think this is slightly too opinionated to add to Actix Web itself. We could do with some experimentation. I've done similar work specific to the Cloudflare headers here: https://github.com/robjtede/actix-web-lab/tree/main/actix-client-ip-cloudflare

What do you think about moving this to the -lab crate initially so we can freely mess with the API?

@robjtede robjtede added B-semver-minor A-web project: actix-web labels Dec 10, 2024
@joelwurtz
Copy link
Contributor Author

joelwurtz commented Dec 10, 2024
edited
Loading

I'm fine with that, what would be the API for this then, only a helper that given a trusted proxies gives you all field ?

However, I dont think it's too much opinionated i have based the current implementation given the current RFC recommendation and also existing web framework (mostly symfony, which does that from a long time and it works fine for most users)

Also we could have a default implementation that accepts everything by default so there is no behavior change.

EDIT : I have just saw the ip cloudflare crate on lab, and yeah it may be better to do that here. What do you think of having a crate that use this code and add a feature for cloudflare which allow to fetch their ip to automatically populate the trusted proxies ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-web project: actix-web B-semver-minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joelwurtz @robjtede