mirror of
https://github.com/mempool/mempool.git
synced 2025-02-22 14:22:44 +01:00
nginx: Fix gixy test host_spoofing
This patch was generated by replacing:
`proxy_set_header Host $http_host` ->
`proxy_set_header Host $host`
Script:
find . -type f -exec sed -i 's|proxy_set_header Host \$http_host|proxy_set_header Host \$host|g' {} \;
Fixes test error:
```
>> Problem: [host_spoofing] The proxied Host header may be spoofed.
Description: In most cases "$host" variable are more appropriate, just use it.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
```
`proxy_set_header Host $host` is indeed the recommended default proxy header setting.
This commit is contained in:
Erik Arvstedt
parent
eec82e1bf9
commit
81bc449043
9 changed files with 40 additions and 40 deletions
|
|
@ -5,7 +5,7 @@ location /api/v1/lightning {
|
|||
location @mempool-api-v1-lightning {
|
||||
proxy_pass $mempoolMainnetLightning;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ location @mempool-api-v1-websocket {
|
|||
proxy_pass $mempoolMainnet;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
@ -59,7 +59,7 @@ location @mempool-api-v1-websocket {
|
|||
location @mempool-api-v1-cache-forever {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -76,7 +76,7 @@ location @mempool-api-v1-cache-forever {
|
|||
location @mempool-api-v1-cache-warm {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -91,7 +91,7 @@ location @mempool-api-v1-cache-warm {
|
|||
location @mempool-api-v1-cache-normal {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -106,7 +106,7 @@ location @mempool-api-v1-cache-normal {
|
|||
location @mempool-api-v1-cache-disabled {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -120,7 +120,7 @@ location @mempool-api-v1-cache-disabled {
|
|||
location @esplora-api-cache-disabled {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -134,7 +134,7 @@ location @esplora-api-cache-disabled {
|
|||
location @esplora-api-cache-forever {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ location @mempool-liquid-api-v1-websocket {
|
|||
proxy_pass $mempoolMainnet;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
@ -60,7 +60,7 @@ location @mempool-liquid-api-v1-websocket {
|
|||
location @mempool-liquid-api-v1-cache-forever {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -77,7 +77,7 @@ location @mempool-liquid-api-v1-cache-forever {
|
|||
location @mempool-liquid-api-v1-cache-warm {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -92,7 +92,7 @@ location @mempool-liquid-api-v1-cache-warm {
|
|||
location @mempool-liquid-api-v1-cache-normal {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -107,7 +107,7 @@ location @mempool-liquid-api-v1-cache-normal {
|
|||
location @mempool-liquid-api-v1-cache-disabled {
|
||||
proxy_pass $mempoolMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -121,7 +121,7 @@ location @mempool-liquid-api-v1-cache-disabled {
|
|||
location @esplora-liquid-api-cache-disabled {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -135,7 +135,7 @@ location @esplora-liquid-api-cache-disabled {
|
|||
location @esplora-liquid-api-cache-forever {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ location @mempool-liquidtestnet-api-v1-websocket {
|
|||
proxy_pass $mempoolTestnet;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
@ -64,7 +64,7 @@ location @mempool-liquidtestnet-api-v1-websocket {
|
|||
location @mempool-liquidtestnet-api-v1-cache-forever {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -81,7 +81,7 @@ location @mempool-liquidtestnet-api-v1-cache-forever {
|
|||
location @mempool-liquidtestnet-api-v1-cache-warm {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -96,7 +96,7 @@ location @mempool-liquidtestnet-api-v1-cache-warm {
|
|||
location @mempool-liquidtestnet-api-v1-cache-normal {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -111,7 +111,7 @@ location @mempool-liquidtestnet-api-v1-cache-normal {
|
|||
location @mempool-liquidtestnet-api-v1-cache-disabled {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -125,7 +125,7 @@ location @mempool-liquidtestnet-api-v1-cache-disabled {
|
|||
location @esplora-liquidtestnet-api-cache-disabled {
|
||||
proxy_pass $esploraTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -139,7 +139,7 @@ location @esplora-liquidtestnet-api-cache-disabled {
|
|||
location @esplora-liquidtestnet-api-cache-forever {
|
||||
proxy_pass $esploraTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ location /signet/api/v1/lightning {
|
|||
location @mempool-signet-api-v1-lightning {
|
||||
proxy_pass $mempoolSignetLightning;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ location @mempool-signet-api-v1-websocket {
|
|||
proxy_pass $mempoolSignet;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
@ -64,7 +64,7 @@ location @mempool-signet-api-v1-websocket {
|
|||
location @mempool-signet-api-v1-cache-forever {
|
||||
proxy_pass $mempoolSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -81,7 +81,7 @@ location @mempool-signet-api-v1-cache-forever {
|
|||
location @mempool-signet-api-v1-cache-warm {
|
||||
proxy_pass $mempoolSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -96,7 +96,7 @@ location @mempool-signet-api-v1-cache-warm {
|
|||
location @mempool-signet-api-v1-cache-normal {
|
||||
proxy_pass $mempoolSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -111,7 +111,7 @@ location @mempool-signet-api-v1-cache-normal {
|
|||
location @mempool-signet-api-v1-cache-disabled {
|
||||
proxy_pass $mempoolSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -125,7 +125,7 @@ location @mempool-signet-api-v1-cache-disabled {
|
|||
location @esplora-signet-api-cache-disabled {
|
||||
proxy_pass $esploraSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -139,7 +139,7 @@ location @esplora-signet-api-cache-disabled {
|
|||
location @esplora-signet-api-cache-forever {
|
||||
proxy_pass $esploraSignet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ location /testnet/api/v1/lightning {
|
|||
location @mempool-testnet-api-v1-lightning {
|
||||
proxy_pass $mempoolSignetLightning;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ location @mempool-testnet-api-v1-websocket {
|
|||
proxy_pass $mempoolTestnet;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
@ -64,7 +64,7 @@ location @mempool-testnet-api-v1-websocket {
|
|||
location @mempool-testnet-api-v1-cache-forever {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -81,7 +81,7 @@ location @mempool-testnet-api-v1-cache-forever {
|
|||
location @mempool-testnet-api-v1-cache-warm {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -96,7 +96,7 @@ location @mempool-testnet-api-v1-cache-warm {
|
|||
location @mempool-testnet-api-v1-cache-normal {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -111,7 +111,7 @@ location @mempool-testnet-api-v1-cache-normal {
|
|||
location @mempool-testnet-api-v1-cache-disabled {
|
||||
proxy_pass $mempoolTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -125,7 +125,7 @@ location @mempool-testnet-api-v1-cache-disabled {
|
|||
location @esplora-testnet-api-cache-disabled {
|
||||
proxy_pass $esploraTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -139,7 +139,7 @@ location @esplora-testnet-api-cache-disabled {
|
|||
location @esplora-testnet-api-cache-forever {
|
||||
proxy_pass $esploraTestnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ location @mempool-bisq-websocket {
|
|||
location @mempool-bisq {
|
||||
proxy_pass $mempoolBisq;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
@ -89,7 +89,7 @@ location @mempool-bisq {
|
|||
location @esplora-api-cache-disabled {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue