commit 2ac37d049d7b495f0f276d4394c4810e5052ca7c
author Daniel Gruno <humbedooh@apache.org> Wed Feb 24 20:07:29 2021 +0100
committer GitHub <noreply@github.com> Wed Feb 24 20:07:29 2021 +0100
tree be8ae1fb8ceed8afd63f88dccfd1cd5dabf75efc
parent 2252315cb23f6a856260e68a41d9ececc58eb60a

Grab remote IP from ip forward header if present

aardvark.py

diff --git a/aardvark.py b/aardvark.py
index 2e2d2d3..3635a24 100644
--- a/aardvark.py
+++ b/aardvark.py
@@ -26,6 +26,7 @@
     config = {}                                 # Our config, unless otherwise specified in init
     proxy_url = "http://localhost:8000"         # Backend URL to proxy to
     port = 8080                                 # Port we listen on
+    ipheader = "x-forwarded-for"                # Standard IP forward header
     last_batches = []                           # Last batches of requests for stats
     scan_times = []                             # Scan times for stats
     processing_times = []                       # Request proxy processing times for stats
@@ -42,6 +43,7 @@
             self.config = yaml.safe_load(open(config_file, "r"))
             self.proxy_url = self.config.get("proxy_url", self.proxy_url)
             self.port = int(self.config.get('port', self.port))
+            self.ipheader = self.config.get("ipheader", self.ipheader)
             for pm in self.config.get("postmatches", []):
                 r = re.compile(bytes(pm, encoding="utf-8"), flags=re.IGNORECASE)
                 self.postmatches.append(r)
@@ -63,7 +65,11 @@
         request_url = "/" + request.match_info["path"]
         now = time.time()
         target_url = urllib.parse.urljoin(self.proxy_url, request_url)
-        # print(f"Proxying request to {target_url}...")  # Tooooo spammy, keep it clean
+        if self.ipheader:
+            remote_ip = request.headers.get(self.ipheader, request.remote)
+        else:
+            remote_ip = request.remote
+        #  print(f"Proxying request to {target_url}...")  # Tooooo spammy, keep it clean
 
         # Debug output for syslog
         self.last_batches.append(time.time())
@@ -89,7 +95,7 @@
         bad_items = []
 
         # Check if offender is in out registry already
-        if request.remote in self.offenders:
+        if remote_ip in self.offenders:
             bad_items.append("Client is on the list of bad offenders.")
 
         # Check for honey pot URLs
@@ -117,22 +123,22 @@
         if bad_items:
             for iu in self.ignoreurls:
                 if iu in request_url:
-                    print(f"Spam was detected from {request.remote} but URL '{request_url} is on ignore list, so...")
+                    print(f"Spam was detected from {remote_ip} but URL '{request_url} is on ignore list, so...")
                     bad_items = []
                     break
 
         if bad_items:
-            print(f"Request from {request.remote} to '{request_url}' contains possible spam:")
+            print(f"Request from {remote_ip} to '{request_url}' contains possible spam:")
             for item in bad_items:
-                print(f"[{request.remote}]: {item}")
+                print(f"[{remote_ip}]: {item}")
 
         # Done with scan, log how long that took
         self.scan_times.append(time.time() - now)
 
         # If bad items were found, don't proxy, return empty response
         if bad_items:
-            if request.remote not in self.offenders:
-                self.offenders.append(request.remote)
+            if remote_ip not in self.offenders:
+                self.offenders.append(remote_ip)
             self.processing_times.append(time.time() - now)
             return None
 
@@ -151,7 +157,6 @@
         self.processing_times.append(time.time() - now)
         return aiohttp.web.Response(body=raw, status=result.status, headers=result.headers)
 
-
 async def main():
     A = Aardvark()
     app = aiohttp.web.Application()