网站设置增加是否支持${serverAddr}选项/增强${serverAddr}安全性

2025-11-06 18:10:26 +08:00 · 2023-08-25 15:30:59 +08:00
parent 405b3615fe
commit aa7d67e387
1 changed files with 19 additions and 11 deletions
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -855,6 +855,11 @@ func (this *HTTPRequest) Format(source string) string {
 		case "serverName":
 			return this.ServerName
 		case "serverAddr":
 			var nodeConfig = this.nodeConfig
 			if nodeConfig != nil && nodeConfig.GlobalServerConfig != nil && nodeConfig.GlobalServerConfig.HTTPAll.EnableServerAddrVariable {
 				if len(this.requestRemoteAddrs()) > 1 {
 					return "" // hidden for security
 				}
 				var requestConn = this.RawReq.Context().Value(HTTPConnContextKey)
 				if requestConn != nil {
 					conn, ok := requestConn.(net.Conn)
@@ -865,6 +870,7 @@ func (this *HTTPRequest) Format(source string) string {
 						}
 					}
 				}
 			}
 			return ""
 		case "serverPort":
 			return strconv.Itoa(this.requestServerPort())
@@ -1234,7 +1240,7 @@ func (this *HTTPRequest) requestRemoteAddrs() (result []string) {
 	var forwardedFor = this.RawReq.Header.Get("X-Forwarded-For")
 	if len(forwardedFor) > 0 {
 		commaIndex := strings.Index(forwardedFor, ",")
-		if commaIndex > 0 {
+		if commaIndex > 0 && !lists.ContainsString(result, forwardedFor[:commaIndex]) {
 			result = append(result, forwardedFor[:commaIndex])
 		}
 	}
@@ -1242,7 +1248,7 @@ func (this *HTTPRequest) requestRemoteAddrs() (result []string) {
 	// Real-IP
 	{
 		realIP, ok := this.RawReq.Header["X-Real-IP"]
-		if ok && len(realIP) > 0 {
+		if ok && len(realIP) > 0 && !lists.ContainsString(result, realIP[0]) {
 			result = append(result, realIP[0])
 		}
 	}
@@ -1250,7 +1256,7 @@ func (this *HTTPRequest) requestRemoteAddrs() (result []string) {
 	// Real-Ip
 	{
 		realIP, ok := this.RawReq.Header["X-Real-Ip"]
-		if ok && len(realIP) > 0 {
+		if ok && len(realIP) > 0 && !lists.ContainsString(result, realIP[0]) {
 			result = append(result, realIP[0])
 		}
 	}
@@ -1260,7 +1266,9 @@ func (this *HTTPRequest) requestRemoteAddrs() (result []string) {
 		var remoteAddr = this.RawReq.RemoteAddr
 		host, _, err := net.SplitHostPort(remoteAddr)
 		if err == nil {
 			if !lists.ContainsString(result, host) {
 				result = append(result, host)
 			}
 		} else {
 			result = append(result, remoteAddr)
 		}