Issue description
Recently I asked for a feature: #1600. Next day it was implemented by #1602. Thanks, but I think this solution is very dangerous.
Let's see how the current solution works:
```go
// Iterates over the IP addresses within the range
for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); utils.IncrementIPRange(ip) {
	app.config.trustedProxiesMap[ip.String()] = struct{}{}
}
```
Actually, this solution just adds all the IP addresses that the networks contain to trustedProxiesMap, one by one.
Look at Cloudflare – the most popular proxy for websites and, I think, the most popular case. What happens if we add all IPv4 Cloudflare networks to config.TrustedProxies? trustedProxiesMap will contain 1 786 880 IPs! Although it is extremely inefficient on memory, it can still be OK. But try to add at least one IPv6 Cloudflare IP network, and fiber will never finish adding IPs to trustedProxiesMap.
Spoiler
If we add all Cloudflare IPv6 networks, fiber needs to process 1 109 194 275 199 700 726 309 617 091 584 IPs.
Code snippet
Just add all Cloudflare (or any other big) IP networks to the config to reproduce.
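The alternative to per-address expansion, shown as an added example that is not part of the original issue and is not Fiber's code or the fix in #1607: keep the parsed networks and test membership with `net.IPNet.Contains`, so startup cost depends on the number of ranges rather than their size. The names `TrustedNets`, `ParseTrusted`, `IsTrusted` and `EnumerationCost` are hypothetical, and the sample ranges are constructed documentation prefixes.

```go
package main

import (
	"fmt"
	"math/big"
	"net"
)

// TrustedNets is a hypothetical type for this example, not Fiber's API.
type TrustedNets []*net.IPNet

// ParseTrusted stores one entry per CIDR range, whatever its prefix length.
func ParseTrusted(cidrs []string) (TrustedNets, error) {
	var nets TrustedNets
	for _, c := range cidrs {
		_, ipnet, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("invalid trusted range %q: %w", c, err)
		}
		nets = append(nets, ipnet)
	}
	return nets, nil
}

// IsTrusted does one masked comparison per configured network.
func (t TrustedNets) IsTrusted(addr string) bool {
	ip := net.ParseIP(addr) // nil on bad input; Contains(nil) reports false
	for _, n := range t {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// EnumerationCost counts the map entries per-address expansion would create.
func (t TrustedNets) EnumerationCost() *big.Int {
	total := new(big.Int)
	for _, n := range t {
		ones, bits := n.Mask.Size()
		total.Add(total, new(big.Int).Lsh(big.NewInt(1), uint(bits-ones)))
	}
	return total
}

func main() {
	// Constructed sample: documentation ranges (RFC 5737, RFC 3849).
	t, err := ParseTrusted([]string{"198.51.100.0/24", "2001:db8::/32"})
	fmt.Println(t.IsTrusted("2001:db8:ffff::1"), t.EnumerationCost(), err)
}
```

A single IPv6 /32 already accounts for 2^96 addresses, which is why the count needs `math/big` and why enumeration cannot finish.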
sadfun changed the title from "🐛 Fiber never start with big IP networks in trustedProxies" to "🐛 Fiber never start with big IP networks in config.TrustedProxies" on Oct 30, 2021
sadfun changed the title from "🐛 Fiber never start with big IP networks in config.TrustedProxies" to "🐛 Fiber will never start with big IP networks in config.TrustedProxies" on Oct 30, 2021
* Fix using IP ranges in config.TrustedProxies (#1607)
* Add tests
* Remove debugging var
* Remove tests
* Update test
Co-authored-by: RW <rene@gofiber.io>
Fiber version
2.21.0