use of org.graylog2.utilities.IpSubnet in project graylog2-server by Graylog2.
the class CidrMatch method evaluate.
@Override
public Boolean evaluate(FunctionArgs args, EvaluationContext context) {
final IpSubnet cidr = cidrParam.required(args, context);
final IpAddress ipAddress = ipParam.required(args, context);
if (cidr == null || ipAddress == null) {
return null;
}
return cidr.contains(ipAddress.inetAddress());
}
use of org.graylog2.utilities.IpSubnet in project graylog2-server by Graylog2.
the class RestTools method getRemoteAddrFromRequest.
/**
* If X-Forwarded-For request header is set, and the request came from a trusted source,
* return the value of X-Forwarded-For. Otherwise return {@link Request#getRemoteAddr()}.
*/
public static String getRemoteAddrFromRequest(Request request, Set<IpSubnet> trustedSubnets) {
final String remoteAddr = request.getRemoteAddr();
final String XForwardedFor = request.getHeader("X-Forwarded-For");
if (XForwardedFor != null) {
for (IpSubnet s : trustedSubnets) {
try {
if (s.contains(remoteAddr)) {
// Request came from trusted source, trust X-Forwarded-For and return it
return XForwardedFor;
}
} catch (UnknownHostException e) {
// ignore silently, probably not worth logging
}
}
}
// Request did not come from a trusted source, or the X-Forwarded-For header was not set
return remoteAddr;
}
use of org.graylog2.utilities.IpSubnet in project graylog2-server by Graylog2.
the class RestToolsTest method getRemoteAddrFromRequestWorksWithIPv6IfSubnetsContainsOnlyIPv4.
@Test
public void getRemoteAddrFromRequestWorksWithIPv6IfSubnetsContainsOnlyIPv4() throws Exception {
final Request request = mock(Request.class);
when(request.getRemoteAddr()).thenReturn("2001:DB8::42");
when(request.getHeader("X-Forwarded-For")).thenReturn("2001:DB8::1");
final String s = RestTools.getRemoteAddrFromRequest(request, Collections.singleton(new IpSubnet("127.0.0.1/32")));
assertThat(s).isEqualTo("2001:DB8::42");
}
use of org.graylog2.utilities.IpSubnet in project graylog2-server by Graylog2.
the class RestToolsTest method getRemoteAddrFromRequestReturnsHeaderContentWithXForwardedForHeaderFromTrustedNetwork.
@Test
public void getRemoteAddrFromRequestReturnsHeaderContentWithXForwardedForHeaderFromTrustedNetwork() throws Exception {
final Request request = mock(Request.class);
when(request.getRemoteAddr()).thenReturn("127.0.0.1");
when(request.getHeader("X-Forwarded-For")).thenReturn("192.168.100.42");
final String s = RestTools.getRemoteAddrFromRequest(request, Collections.singleton(new IpSubnet("127.0.0.0/8")));
assertThat(s).isEqualTo("192.168.100.42");
}
use of org.graylog2.utilities.IpSubnet in project graylog2-server by Graylog2.
the class RestToolsTest method getRemoteAddrFromRequestReturnsClientAddressWithXForwardedForHeaderFromUntrustedNetwork.
@Test
public void getRemoteAddrFromRequestReturnsClientAddressWithXForwardedForHeaderFromUntrustedNetwork() throws Exception {
final Request request = mock(Request.class);
when(request.getRemoteAddr()).thenReturn("192.168.0.1");
when(request.getHeader("X-Forwarded-For")).thenReturn("192.168.100.42");
final String s = RestTools.getRemoteAddrFromRequest(request, Collections.singleton(new IpSubnet("127.0.0.0/8")));
assertThat(s).isEqualTo("192.168.0.1");
}
Aggregations