[Python] Cmd line parameter to log proxied clients #351
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Added a command line parameter, '--log-proxied-client' to enable logging of intermediate proxies; * only supports X-Forwarded-For header.
CendioOssman
requested changes
May 9, 2018
| @@ -17,6 +17,7 @@ | |||
|
|
|||
| from websockify.websocket import WebSocket, WebSocketWantReadError, WebSocketWantWriteError | |||
|
|
|||
|
|
|||
| immediate_client = super(WebSocketRequestHandler, self).address_string() | ||
| fwd_for = self.headers.get("X-Forwarded-For", None) | ||
| if show_proxied and fwd_for: | ||
| return "{},{}".format(fwd_for, immediate_client) |
There was a problem hiding this comment.
This format string isn't compatible with Python 2.6, which is our current baseline.
| @@ -88,24 +88,29 @@ def __init__(self, req, addr, server): | |||
| self.daemon = getattr(server, "daemon", False) | |||
| self.record = getattr(server, "record", False) | |||
| self.run_once = getattr(server, "run_once", False) | |||
| self.rec = None | |||
| self.rec = None | |||
| _, exc, _ = sys.exc_info() | ||
| # Connection was not a WebSockets connection | ||
| if exc.args[0]: | ||
| self.msg("%s: %s" % (address[0], exc.args[0])) | ||
| orig_client = getattr(e, 'orig_client', None) |
There was a problem hiding this comment.
I don't think we should start piggy-backing extra information on the exception object. Better to add this information to the connection object somewhere.
|
Ping @praimmugen. |
|
Sorry, had to divert my attention to something else. Will get back to this on the weekend - I see there are some conflicts, too, so better not to wait too much. |
|
No response. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When running behind a reverse proxy, websockify doesn't currently read and log anything that could provide information on the originating client.
This code adds a startup flag (
--log-proxied-client) to enable logging of originating client plus intermediate proxies. Information is retrieved from the "X-Forwarded-For" header (if present). The immediate client would be logged too at the end of the content of the header, separated by a comma.Eg:
127.0.0.1: Token 'abcd' not found--log-proxied-clientoption:192.168.0.51,127.0.0.1: Token 'abcd' not foundSee also #334