mirror of https://github.com/fatedier/frp
return ssl alert unrecognized_name when https domain not registered (#3620)
parent
bae0b4d7c0
commit
5c8ea51eb5
|
@ -40,7 +40,8 @@ func NewHTTPConnectTCPMuxer(listener net.Listener, passthrough bool, timeout tim
|
||||||
ret := &HTTPConnectTCPMuxer{passthrough: passthrough}
|
ret := &HTTPConnectTCPMuxer{passthrough: passthrough}
|
||||||
mux, err := vhost.NewMuxer(listener, ret.getHostFromHTTPConnect, timeout)
|
mux, err := vhost.NewMuxer(listener, ret.getHostFromHTTPConnect, timeout)
|
||||||
mux.SetCheckAuthFunc(ret.auth).
|
mux.SetCheckAuthFunc(ret.auth).
|
||||||
SetSuccessHookFunc(ret.sendConnectResponse)
|
SetSuccessHookFunc(ret.sendConnectResponse).
|
||||||
|
SetFailHookFunc(vhostFailed)
|
||||||
ret.Muxer = mux
|
ret.Muxer = mux
|
||||||
return ret, err
|
return ret, err
|
||||||
}
|
}
|
||||||
|
@ -92,6 +93,15 @@ func (muxer *HTTPConnectTCPMuxer) auth(c net.Conn, username, password string, re
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func vhostFailed(c net.Conn) {
|
||||||
|
res := vhost.NotFoundResponse()
|
||||||
|
if res.Body != nil {
|
||||||
|
defer res.Body.Close()
|
||||||
|
}
|
||||||
|
_ = res.Write(c)
|
||||||
|
_ = c.Close()
|
||||||
|
}
|
||||||
|
|
||||||
func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn, map[string]string, error) {
|
func (muxer *HTTPConnectTCPMuxer) getHostFromHTTPConnect(c net.Conn) (net.Conn, map[string]string, error) {
|
||||||
reqInfoMap := make(map[string]string, 0)
|
reqInfoMap := make(map[string]string, 0)
|
||||||
sc, rd := libnet.NewSharedConn(c)
|
sc, rd := libnet.NewSharedConn(c)
|
||||||
|
|
|
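Review bot: `mux` is dereferenced before the `err` from `vhost.NewMuxer` is checked in NewHTTPConnectTCPMuxer: the setter chain, now extended with `SetFailHookFunc(vhostFailed)`, runs first and the function only returns `ret, err` afterwards. If NewMuxer can ever return a nil muxer together with an error (its body is not visible on this page), the chain panics on the nil receiver instead of reporting the error. Checking first, with `if err != nil { return nil, err }` placed above the chain, avoids that. NewHTTPSMuxer in the HTTPS section has the same ordering, because the added `mux.SetFailHookFunc(vhostFailed)` sits above its existing `if err != nil` check and should move below it.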
@ -251,7 +251,7 @@ func (rp *HTTPReverseProxy) connectHandler(rw http.ResponseWriter, req *http.Req
|
||||||
|
|
||||||
remote, err := rp.CreateConnection(req.Context().Value(RouteInfoKey).(*RequestRouteInfo), false)
|
remote, err := rp.CreateConnection(req.Context().Value(RouteInfoKey).(*RequestRouteInfo), false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = notFoundResponse().Write(client)
|
_ = NotFoundResponse().Write(client)
|
||||||
client.Close()
|
client.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,6 +29,7 @@ type HTTPSMuxer struct {
|
||||||
|
|
||||||
func NewHTTPSMuxer(listener net.Listener, timeout time.Duration) (*HTTPSMuxer, error) {
|
func NewHTTPSMuxer(listener net.Listener, timeout time.Duration) (*HTTPSMuxer, error) {
|
||||||
mux, err := NewMuxer(listener, GetHTTPSHostname, timeout)
|
mux, err := NewMuxer(listener, GetHTTPSHostname, timeout)
|
||||||
|
mux.SetFailHookFunc(vhostFailed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -69,6 +70,12 @@ func readClientHello(reader io.Reader) (*tls.ClientHelloInfo, error) {
|
||||||
return hello, nil
|
return hello, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func vhostFailed(c net.Conn) {
|
||||||
|
// Alert with alertUnrecognizedName
|
||||||
|
_ = tls.Server(c, &tls.Config{}).Handshake()
|
||||||
|
c.Close()
|
||||||
|
}
|
||||||
|
|
||||||
type readOnlyConn struct {
|
type readOnlyConn struct {
|
||||||
reader io.Reader
|
reader io.Reader
|
||||||
}
|
}
|
||||||
|
|
|
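Review bot: The comment in the new vhostFailed, `// Alert with alertUnrecognizedName`, does not explain why a server handshake with an empty `tls.Config` produces that alert, so the dependency on crypto/tls behaviour is easy to break without noticing. A doc comment would make it explicit, for example `// vhostFailed runs a server handshake with no certificates so that crypto/tls rejects the ClientHello with the unrecognized_name alert; the handshake error is expected and ignored.` The alert appears to be chosen by the standard library rather than by this code, so a test asserting the alert seen by the client would catch a change after a Go upgrade. The result of `c.Close()` is also dropped without `_ =`, unlike the vhostFailed added in the tcpmux section.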
@ -67,7 +67,7 @@ func getNotFoundPageContent() []byte {
|
||||||
return buf
|
return buf
|
||||||
}
|
}
|
||||||
|
|
||||||
func notFoundResponse() *http.Response {
|
func NotFoundResponse() *http.Response {
|
||||||
header := make(http.Header)
|
header := make(http.Header)
|
||||||
header.Set("server", "frp/"+version.Full())
|
header.Set("server", "frp/"+version.Full())
|
||||||
header.Set("Content-Type", "text/html")
|
header.Set("Content-Type", "text/html")
|
||||||
|
|
|
@ -46,6 +46,7 @@ type (
|
||||||
authFunc func(conn net.Conn, username, password string, reqInfoMap map[string]string) (bool, error)
|
authFunc func(conn net.Conn, username, password string, reqInfoMap map[string]string) (bool, error)
|
||||||
hostRewriteFunc func(net.Conn, string) (net.Conn, error)
|
hostRewriteFunc func(net.Conn, string) (net.Conn, error)
|
||||||
successHookFunc func(net.Conn, map[string]string) error
|
successHookFunc func(net.Conn, map[string]string) error
|
||||||
|
failHookFunc func(net.Conn)
|
||||||
)
|
)
|
||||||
|
|
||||||
// Muxer is a functional component used for https and tcpmux proxies.
|
// Muxer is a functional component used for https and tcpmux proxies.
|
||||||
|
@ -58,6 +59,7 @@ type Muxer struct {
|
||||||
vhostFunc muxFunc
|
vhostFunc muxFunc
|
||||||
checkAuth authFunc
|
checkAuth authFunc
|
||||||
successHook successHookFunc
|
successHook successHookFunc
|
||||||
|
failHook failHookFunc
|
||||||
rewriteHost hostRewriteFunc
|
rewriteHost hostRewriteFunc
|
||||||
registryRouter *Routers
|
registryRouter *Routers
|
||||||
}
|
}
|
||||||
|
@ -87,6 +89,11 @@ func (v *Muxer) SetSuccessHookFunc(f successHookFunc) *Muxer {
|
||||||
return v
|
return v
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (v *Muxer) SetFailHookFunc(f failHookFunc) *Muxer {
|
||||||
|
v.failHook = f
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
func (v *Muxer) SetRewriteHostFunc(f hostRewriteFunc) *Muxer {
|
func (v *Muxer) SetRewriteHostFunc(f hostRewriteFunc) *Muxer {
|
||||||
v.rewriteHost = f
|
v.rewriteHost = f
|
||||||
return v
|
return v
|
||||||
|
@ -206,13 +213,8 @@ func (v *Muxer) handle(c net.Conn) {
|
||||||
httpUser := reqInfoMap["HTTPUser"]
|
httpUser := reqInfoMap["HTTPUser"]
|
||||||
l, ok := v.getListener(name, path, httpUser)
|
l, ok := v.getListener(name, path, httpUser)
|
||||||
if !ok {
|
if !ok {
|
||||||
res := notFoundResponse()
|
|
||||||
if res.Body != nil {
|
|
||||||
defer res.Body.Close()
|
|
||||||
}
|
|
||||||
_ = res.Write(c)
|
|
||||||
log.Debug("http request for host [%s] path [%s] httpUser [%s] not found", name, path, httpUser)
|
log.Debug("http request for host [%s] path [%s] httpUser [%s] not found", name, path, httpUser)
|
||||||
_ = c.Close()
|
v.failHook(sConn)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
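Review bot: `v.failHook(sConn)` in handle is called without a nil check, although the `failHook` field is only assigned through SetFailHookFunc. Unless NewMuxer installs a default hook (not shown on this page), a Muxer built without that call panics on the first request for an unregistered host, and any remote client can send such a request. A guard keeps a safe fallback: `if v.failHook != nil { v.failHook(sConn) } else { _ = sConn.Close() }`. The body of handle starts and ends outside the hunk.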