How to program Fiddler to restrict IP range while in reverse proxy mode?
I've configured Fiddler as a reverse proxy on port 8888 (to forward 开发者_如何学Goto 80) using its rules file. Now I want to restrict the IP range that can access the reverse proxy as a security measure.
Is it possible to do this using only the Fiddler rules file without needing to configure the firewall or anything external to the Fiddler programming?
Rules > Customize Rules. Scroll to OnBeforeRequest.
There, you can get the client's IP address using the property oSession["X-CLIENTIP"]
, and if you're not satisfied with the value, do something like oSession.oRequest.FailSession(403, "Proxy access denied", "You are not permitted to use this site.");
Update by question author
Sample script used:
// restrict usage to IPs and ranges
if (oSession["X-CLIENTIP"].indexOf(/*My Business, modify to your IP range>*/"0.0.0.") != 0
&&
oSession["X-CLIENTIP"].indexOf(/*private*/"192.168.") != 0
&&
oSession["X-CLIENTIP"].indexOf(/*localhost*/"127.0.0.") != 0
&&
oSession["X-CLIENTIP"].indexOf(/*private*/"10.") != 0
) {
oSession.oRequest.FailSession(403, "Proxy access denied", "Your IP# is not permitted to use this Fiddler debugger.");
return;
}
Also note that IPv6 might throw a monkey wrench into things because X-CLIENTIP can be
192.168.100.139
or ::ffff:192.168.100.139
At this point the programmer might consider using regex tests like this one that matches either incarnation of the IP#:
/^(?:\:\:ffff\:)?192\.168\..+/.test(oSession["X-CLIENTIP"])
精彩评论