Benoit Chesneau 112d5353c1 fix: enforce proxy_allow_ips and tighten PROXY parsing in ASGI
Three findings against the ASGI PROXY protocol path:

- High: an untrusted peer could send a PROXY v1/v2 header and have the
  client address surfaced to the app. _setup_callback_parser now passes
  proxy_protocol='off' to the parser when the peer is not in
  proxy_allow_ips. _effective_peername adds a defensive re-check.
- Medium: PROXY v1 TCP4/TCP6 addresses were copied as strings without
  validation. Validate with socket.inet_pton, mirroring the WSGI parser.
- Medium: PROXY v2 quietly mapped non-STREAM (DGRAM) protocols to
  UDP4/UDP6. gunicorn is an HTTP server; reject non-STREAM with
  InvalidProxyHeader, mirroring the WSGI parser.
2026-05-03 22:28:48 +02:00

12 lines
267 B
Python

#
# This file is part of gunicorn released under the MIT license.
# See the NOTICE for more information.
from gunicorn.config import Config
from gunicorn.http.errors import InvalidProxyLine
cfg = Config()
cfg.set('proxy_protocol', True)
request = InvalidProxyLine