From 0747b9cecdc6b498fa7ef7f70c6e58e3e0546d2c Mon Sep 17 00:00:00 2001 From: Lars Gierth Date: Mon, 28 Mar 2016 19:21:48 -0400 Subject: [PATCH] go-ipfs-config: gateway: enforce allowlist for path prefixes The gateway accepts an X-Ipfs-Path-Prefix header, and assumes that it is mounted in a reverse proxy like nginx, at this path. Links in directory listings, as well as trailing-slash redirects need to be rewritten with that prefix in mind. We don't want a potential attacker to be able to pass in arbitrary path prefixes, which would end up in redirects and directory listings, which is why every prefix has to be explicitly allowed in the config. Previously, we'd accept *any* X-Ipfs-Path-Prefix header. Example: We mount blog.ipfs.io (a dnslink page) at ipfs.io/blog. nginx_ipfs.conf: location /blog/ { rewrite "^/blog(/.*)$" $1 break; proxy_set_header Host blog.ipfs.io; proxy_set_header X-Ipfs-Gateway-Prefix /blog; proxy_pass http://127.0.0.1:8080; } .ipfs/config: "Gateway": { "PathPrefixes": ["/blog"], // ... }, dnslink: > dig TXT _dnslink.blog.ipfs.io dnslink=/ipfs/QmWcBjXPAEdhXDATV4ghUpkAonNBbiyFx1VmmHcQe9HEGd License: MIT Signed-off-by: Lars Gierth --- config/gateway.go | 1 + config/init.go | 1 + 2 files changed, 2 insertions(+) diff --git a/config/gateway.go b/config/gateway.go index 07bc9aad2..a8ba70590 100644 --- a/config/gateway.go +++ b/config/gateway.go @@ -5,4 +5,5 @@ type Gateway struct { HTTPHeaders map[string][]string // HTTP headers to return with the gateway RootRedirect string Writable bool + PathPrefixes []string } diff --git a/config/init.go b/config/init.go index 1cbc9f495..3dbc1b3f5 100644 --- a/config/init.go +++ b/config/init.go @@ -65,6 +65,7 @@ func Init(out io.Writer, nBitsForKeypair int) (*Config, error) { Gateway: Gateway{ RootRedirect: "", Writable: false, + PathPrefixes: []string{}, }, }