From 57a53db84e884773ba59b2a4ebb257289300ac39 Mon Sep 17 00:00:00 2001
From: jianglai
Date: Fri, 7 Dec 2018 15:00:27 -0800
Subject: [PATCH] Make FOSS proxy treat connections with unknown sources more gracefully
When a connection to the proxy using the PROXY protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) comes from an IP address that the external load balancer does not recognize, make the source IP 0.0.0.0. This way an appropriate WHOIS quota can be configured for this kind of connections.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=224583547
---
 .../registry/proxy/handler/ProxyProtocolHandler.java | 9 +++++++++
 .../registry/proxy/handler/ProxyProtocolHandlerTest.java | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/java/google/registry/proxy/handler/ProxyProtocolHandler.java b/java/google/registry/proxy/handler/ProxyProtocolHandler.java
index f86760658..2612f14d3 100644
--- a/java/google/registry/proxy/handler/ProxyProtocolHandler.java
+++ b/java/google/registry/proxy/handler/ProxyProtocolHandler.java
@@ -81,6 +81,15 @@ public class ProxyProtocolHandler extends ByteToMessageDecoder {
 remoteIP = headerArray[2];
 logger.atFine().log(
 "Header parsed, using %s as remote IP for channel %s", remoteIP, ctx.channel());
+ // If the header is "PROXY UNKNOWN"
+ // (see https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt), likely when the
+ // remote connection to the external load balancer is through special means, make it
+ // 0.0.0.0 so that it can be treated accordingly by the relevant quota configs.
+ } else if (headerArray.length == 2 && headerArray[1].equals("UNKNOWN")) {
+ logger.atFine().log(
+ "Header parsed, source IP unknown, using 0.0.0.0 as remote IP for channel %s",
+ ctx.channel());
+ remoteIP = "0.0.0.0";
 } else {
 logger.atFine().log(
 "Cannot parse the header, using source IP as remote IP for channel %s",
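Review bot: The new branch matches only the two-field form (`headerArray.length == 2`), but the PROXY protocol text linked in the added comment lets a sender place address and port fields after `UNKNOWN` and requires the receiver to ignore everything up to the CRLF. If the preceding branch (its condition is above this hunk) selects on field count alone, such a header would have `headerArray[2]` taken as the client address instead of being mapped to 0.0.0.0; otherwise it drops to the "Cannot parse the header" path. Testing the family token first, e.g. `headerArray.length >= 2 && headerArray[1].equals("UNKNOWN")` ahead of the address branch, would keep every UNKNOWN header in the single 0.0.0.0 quota bucket. The added comment block also sits at the end of the preceding branch's body; placing it inside the new `else if` body would make clear which case it describes.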
diff --git a/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java b/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java
index fa7b8f2bd..62c885d1b 100644
--- a/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java
+++ b/javatests/google/registry/proxy/handler/ProxyProtocolHandlerTest.java
@@ -57,7 +57,7 @@ public class ProxyProtocolHandlerTest {
 assertThat(channel.writeInbound(Unpooled.wrappedBuffer((header + message).getBytes(UTF_8))))
 .isTrue();
 assertThat(((ByteBuf) channel.readInbound()).toString(UTF_8)).isEqualTo(message);
- assertThat(channel.attr(REMOTE_ADDRESS_KEY).get()).isNull();
+ assertThat(channel.attr(REMOTE_ADDRESS_KEY).get()).isEqualTo("0.0.0.0");
 assertThat(channel.pipeline().get(ProxyProtocolHandler.class)).isNull();
 assertThat(channel.isActive()).isTrue();
 }
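Review bot: Changing this assertion from `isNull()` to `isEqualTo("0.0.0.0")` repurposes the test, so nothing visible in this hunk still checks that an unparsable header leaves `REMOTE_ADDRESS_KEY` unset. Unless another test in the file covers that fallback, a separate case with a malformed header asserting `isNull()` would keep it pinned, since anything keyed on this attribute presumably needs to tell "no usable header" apart from the 0.0.0.0 sentinel. The test method starts above the hunk, so the header value it sends is not visible here.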