mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-10 00:14:38 +00:00
NewRestrictedOutboundHTTPClient validates target IPs via a custom DialContext, but when an HTTP proxy is configured (HTTP_PROXY env var) DialContext only validates the proxy's address — the actual target host is never checked. This allows requests to cloud metadata service addresses (169.254.169.254) and other blocked IPs through the proxy. Add a restrictedRoundTripper wrapper that validates the request URL hostname against resolvePermittedOutboundIP before forwarding. This provides defense-in-depth that works regardless of proxy configuration, while the existing DialContext guard continues to prevent DNS rebinding for direct connections. |
||
|---|---|---|
| .. | ||
| httpurl.go | ||
| outbound_http.go | ||
| outbound_http_test.go | ||
| websocket_origin.go | ||