1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
|
package net.i2p.router.web;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.i2p.I2PAppContext;
import net.i2p.data.DataHelper;
import net.i2p.util.Addresses;
import net.i2p.util.Log;
import net.i2p.util.PortMapper;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
/**
* Block certain Host headers to prevent DNS rebinding attacks.
*
* This Handler wraps the ContextHandlerCollection, which handles
* all the webapps (not just routerconsole).
* Therefore, this protects all the webapps.
*
* @since 0.9.32
*/
public class HostCheckHandler extends GzipHandler
{
private final I2PAppContext _context;
private final PortMapper _portMapper;
private final Set<String> _listenHosts;
private static final String PROP_REDIRECT = "routerconsole.redirectToHTTPS";
private static final String PROP_GZIP = "routerconsole.enableCompression";
/**
* MUST call setListenHosts() afterwards.
*/
public HostCheckHandler(I2PAppContext ctx) {
super();
_context = ctx;
_portMapper = ctx.portMapper();
_listenHosts = new HashSet<String>(8);
setMinGzipSize(64*1024);
if (_context.getBooleanPropertyDefaultTrue(PROP_GZIP)) {
addIncludedMimeTypes(
// our js is very small
//"application/javascript", "application/x-javascript",
"application/xhtml+xml", "application/xml",
// ditto svg
//"image/svg+xml",
"text/css", "text/html", "text/plain"
);
} else {
// poorly documented, but we must put something in,
// if empty all are matched,
// see IncludeExcludeSet
addIncludedMimeTypes("xyzzy");
}
}
/**
* Set the legal hosts.
* Not synched. Call this BEFORE starting.
* If empty, all are allowed.
*
* @param hosts contains hostnames or IPs. But we allow all IPs anyway.
*/
public void setListenHosts(Set<String> hosts) {
_listenHosts.clear();
_listenHosts.addAll(hosts);
}
/**
* Block by Host header,
* redirect HTTP to HTTPS,
* pass everything else to the delegate.
*/
public void handle(String pathInContext,
Request baseRequest,
HttpServletRequest httpRequest,
HttpServletResponse httpResponse)
throws IOException, ServletException
{
String host = httpRequest.getHeader("Host");
if (!allowHost(host)) {
Log log = _context.logManager().getLog(HostCheckHandler.class);
host = DataHelper.stripHTML(getHost(host));
String s = "Console request denied.\n" +
" To allow access using the hostname \"" + host + "\",\n" +
" add the line \"" + RouterConsoleRunner.PROP_ALLOWED_HOSTS + '=' + host + "\"\n" +
" to advanced configuration and restart.";
log.logAlways(Log.WARN, s);
httpResponse.sendError(403, s);
baseRequest.setHandled(true);
return;
}
// redirect HTTP to HTTPS if available, AND:
// either 1) PROP_REDIRECT is set to true;
// or 2) PROP_REDIRECT is unset and the Upgrade-Insecure-Requests request header is set
// https://w3c.github.io/webappsec-upgrade-insecure-requests/
if (!httpRequest.isSecure()) {
int httpsPort = _portMapper.getPort(PortMapper.SVC_HTTPS_CONSOLE);
if (httpsPort > 0 && httpRequest.getLocalPort() != httpsPort) {
String redir = _context.getProperty(PROP_REDIRECT);
if (Boolean.valueOf(redir) ||
(redir == null && "1".equals(httpRequest.getHeader("Upgrade-Insecure-Requests")))) {
sendRedirect(httpsPort, httpRequest, httpResponse);
baseRequest.setHandled(true);
return;
}
}
}
super.handle(pathInContext, baseRequest, httpRequest, httpResponse);
}
/**
* Should we allow a request with this Host header?
*
* ref: https://en.wikipedia.org/wiki/DNS_rebinding
*
* @param host the HTTP Host header, null ok
* @return true if OK
*/
private boolean allowHost(String host) {
if (host == null)
return true;
// common cases
if (host.equals("127.0.0.1:7657") ||
host.equals("localhost:7657") ||
host.equals("[::1]:7657") ||
host.equals("127.0.0.1:7667") ||
host.equals("localhost:7667") ||
host.equals("[::1]:7667"))
return true;
// all allowed?
if (_listenHosts.isEmpty())
return true;
host = getHost(host);
if (_listenHosts.contains(host))
return true;
// allow all IP addresses
if (Addresses.isIPAddress(host))
return true;
//System.out.println(host + " not found in " + s);
return false;
}
/**
* Strip [] and port from a host header
*
* @param host the HTTP Host header non-null
*/
private static String getHost(String host) {
if (host.startsWith("[")) {
host = host.substring(1);
int brack = host.indexOf(']');
if (brack >= 0)
host = host.substring(0, brack);
} else {
int colon = host.indexOf(':');
if (colon >= 0)
host = host.substring(0, colon);
}
return host;
}
/**
* Redirect to HTTPS
*
* @since 0.9.34
*/
private static void sendRedirect(int httpsPort, HttpServletRequest httpRequest,
HttpServletResponse httpResponse) throws IOException {
StringBuilder buf = new StringBuilder(64);
buf.append("https://");
String name = httpRequest.getServerName();
boolean ipv6 = name.indexOf(':') >= 0 && !name.startsWith("[");
if (ipv6)
buf.append('[');
buf.append(name);
if (ipv6)
buf.append(']');
buf.append(':').append(httpsPort)
.append(httpRequest.getRequestURI());
String q = httpRequest.getQueryString();
if (q != null)
buf.append('?').append(q);
httpResponse.setHeader("Location", buf.toString());
// https://w3c.github.io/webappsec-upgrade-insecure-requests/
httpResponse.setHeader("Vary", "Upgrade-Insecure-Requests");
httpResponse.setStatus(307);
httpResponse.getOutputStream().close();
}
}
|