Make FOSS proxy treat connections with unknown sources more gracefully

When a connection to the proxy using the PROXY protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) comes from an IP address that the external load balancer does not recognize, make the source IP 0.0.0.0. This way an appropriate WHOIS quota can be configured for this kind of connections. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=224583547
2025-05-12 22:38:16 +02:00 · 2018-12-07 15:00:27 -08:00 · 2018-12-07 15:00:27 -08:00 · 57a53db84e
commit 57a53db84e
parent 305b1edc85
2 changed files with 10 additions and 1 deletions
--- a/java/google/registry/proxy/handler/ProxyProtocolHandler.java
+++ b/java/google/registry/proxy/handler/ProxyProtocolHandler.java
@ -81,6 +81,15 @@ public class ProxyProtocolHandler extends ByteToMessageDecoder {
          remoteIP = headerArray[2];
          logger.atFine().log(
              "Header parsed, using %s as remote IP for channel %s", remoteIP, ctx.channel());
+          // If the header is "PROXY UNKNOWN"
+          // (see https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt), likely when the
+          // remote connection to the external load balancer is through special means, make it
+          // 0.0.0.0 so that it can be treated accordingly by the relevant quota configs.
+        } else if (headerArray.length == 2 && headerArray[1].equals("UNKNOWN")) {
+          logger.atFine().log(
+              "Header parsed, source IP unknown, using 0.0.0.0 as remote IP for channel %s",
+              ctx.channel());
+          remoteIP = "0.0.0.0";
        } else {
          logger.atFine().log(
              "Cannot parse the header, using source IP as remote IP for channel %s",