From 224cd327114e63fe7c153571297f320fb37f3e28 Mon Sep 17 00:00:00 2001 From: Tim Newsham Date: Tue, 23 Jul 2024 10:00:04 -1000 Subject: [PATCH 1/2] disable path filtering but keep logging - log all path violations, with user agent. - make path filtering configurable, and disable it for now. - add more allowed paths. --- dockerproxy/main.go | 11 ++++++++--- fly.toml | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/dockerproxy/main.go b/dockerproxy/main.go index 34c6229..6200b6b 100644 --- a/dockerproxy/main.go +++ b/dockerproxy/main.go @@ -42,6 +42,7 @@ var ( noAuth = os.Getenv("NO_AUTH") == "1" noAppName = os.Getenv("NO_APP_NAME") == "1" noHttps = os.Getenv("NO_HTTPS") == "1" + noFilter = os.Getenv("NO_FILTER") == "1" // build variables gitSha string @@ -58,6 +59,8 @@ var allowedPaths = []*regexp.Regexp{ regexp.MustCompile("^/flyio/.*$"), regexp.MustCompile("^/grpc$"), regexp.MustCompile("^/_ping$"), + regexp.MustCompile("^(/v[0-9.]*)?/version$"), + regexp.MustCompile("^(/v[0-9.]*)?/volumes/.*$"), regexp.MustCompile("^(/v[0-9.]*)?/info$"), regexp.MustCompile("^(/v[0-9.]*)?/images/.*$"), } @@ -273,9 +276,11 @@ func dockerProxy() http.Handler { } } if !allowed { - log.Warnf("Refusing to proxy %s", r.URL) - http.Error(w, `{"message":"page not found"}`, http.StatusNotFound) - return + log.Warnf("Invalid path path=%s agent=%q", r.URL, r.UserAgent()) + if !noFilter { + http.Error(w, `{"message":"page not found"}`, http.StatusNotFound) + return + } } reverseProxy.ServeHTTP(w, r) diff --git a/fly.toml b/fly.toml index 0b43d7d..1ba1525 100644 --- a/fly.toml +++ b/fly.toml @@ -9,6 +9,7 @@ kill_timeout = '5s' ALLOW_ORG_SLUG = 'fly' DATA_DIR = '/data' LOG_LEVEL = 'info' + NO_FILTER = '1' [[mounts]] source = 'data' From baf6de6da22fd1e514aa7cc2b0420d77da9e91b4 Mon Sep 17 00:00:00 2001 From: Tim Newsham Date: Tue, 23 Jul 2024 10:24:05 -1000 Subject: [PATCH 2/2] dont use env var for noFilter - env vars from fly.toml arent being passed in when builder is instantiated. so bake the noFilter setting into the src code. --- dockerproxy/main.go | 2 +- fly.toml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/dockerproxy/main.go b/dockerproxy/main.go index 6200b6b..200389d 100644 --- a/dockerproxy/main.go +++ b/dockerproxy/main.go @@ -42,7 +42,7 @@ var ( noAuth = os.Getenv("NO_AUTH") == "1" noAppName = os.Getenv("NO_APP_NAME") == "1" noHttps = os.Getenv("NO_HTTPS") == "1" - noFilter = os.Getenv("NO_FILTER") == "1" + noFilter = true // build variables gitSha string diff --git a/fly.toml b/fly.toml index 1ba1525..0b43d7d 100644 --- a/fly.toml +++ b/fly.toml @@ -9,7 +9,6 @@ kill_timeout = '5s' ALLOW_ORG_SLUG = 'fly' DATA_DIR = '/data' LOG_LEVEL = 'info' - NO_FILTER = '1' [[mounts]] source = 'data'