开发者

How to program Fiddler to restrict IP range while in reverse proxy mode?

I've configured Fiddler as a reverse proxy on port 8888 (to forward 开发者_如何学Goto 80) using its rules file. Now I want to restrict the IP range that can access the reverse proxy as a security measure.

Is it possible to do this using only the Fiddler rules file without needing to configure the firewall or anything external to the Fiddler programming?


Rules > Customize Rules. Scroll to OnBeforeRequest.

There, you can get the client's IP address using the property oSession["X-CLIENTIP"], and if you're not satisfied with the value, do something like oSession.oRequest.FailSession(403, "Proxy access denied", "You are not permitted to use this site.");


Update by question author

Sample script used:

// restrict usage to IPs and ranges
if (oSession["X-CLIENTIP"].indexOf(/*My Business, modify to your IP range>*/"0.0.0.") != 0 
    && 
    oSession["X-CLIENTIP"].indexOf(/*private*/"192.168.") != 0  
    &&
    oSession["X-CLIENTIP"].indexOf(/*localhost*/"127.0.0.") != 0 
    && 
    oSession["X-CLIENTIP"].indexOf(/*private*/"10.") != 0 
    ) {

    oSession.oRequest.FailSession(403, "Proxy access denied", "Your IP# is not permitted to use this Fiddler debugger.");

    return;
}

Also note that IPv6 might throw a monkey wrench into things because X-CLIENTIP can be 192.168.100.139 or ::ffff:192.168.100.139 At this point the programmer might consider using regex tests like this one that matches either incarnation of the IP#:

/^(?:\:\:ffff\:)?192\.168\..+/.test(oSession["X-CLIENTIP"])
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜