
request-filtering-agent


request-filtering-agent - npm Package Compare versions

Comparing version 1.0.7 to 1.1.0

1

lib/request-filtering-agent.d.ts

@@ -9,2 +9,3 @@ /// <reference types="node" />

denyIPAddressList?: string[];
stopPortScanningByUrlRedirection?: boolean;
}

@@ -11,0 +12,0 @@ /**

@@ -111,3 +111,6 @@ "use strict";

allowIPAddressList: options && options.allowIPAddressList ? options.allowIPAddressList : [],
denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : []
denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : [],
stopPortScanningByUrlRedirection: options && options.stopPortScanningByUrlRedirection !== undefined
? options.stopPortScanningByUrlRedirection
: false
};

@@ -121,2 +124,13 @@ // override http.Agent#createConnection

agent.createConnection = function (options, connectionListener) {
if (requestFilterOptions.stopPortScanningByUrlRedirection) {
// Prevents malicious user from identifying which ports are open
var host = options.host, family = options.family;
if (host && net.isIP(host)) {
var addr = ipaddr_js_1.default.parse(host);
var range = addr.range();
if (range !== "unicast") {
throw new Error("DNS lookup " + host + "(family:" + family + ", host:" + host + ") is not allowed. Because, It is private IP address.");
}
}
}
var socket = createConnection.call(agent, options, function () {

@@ -123,0 +137,0 @@ // https://nodejs.org/api/net.html#net_socket_connect_options_connectlistener

2

package.json
{
"name": "request-filtering-agent",
"version": "1.0.7",
"version": "1.1.0",
"description": "An http(s).Agent implementation that block request Private IP address.",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/azu/request-filtering-agent",

@@ -108,2 +108,6 @@ # request-filtering-agent [![Actions Status](https://github.com/azu/request-filtering-agent/workflows/ci/badge.svg)](https://github.com/azu/request-filtering-agent/actions)

denyIPAddressList?: string[]
// prevent url redirection attack
// connection not made to private IP adresses where the port is closed
// Default: false
stopPortScanningByUrlRedirection?: boolean;
}

@@ -110,0 +114,0 @@ /**

@@ -28,2 +28,6 @@ import * as net from "net";

denyIPAddressList?: string[];
// prevent url redirection attack
// connection not made to private IP adresses where the port is closed
// Default: false
stopPortScanningByUrlRedirection?: boolean;
}

@@ -112,3 +116,7 @@

allowIPAddressList: options && options.allowIPAddressList ? options.allowIPAddressList : [],
denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : []
denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : [],
stopPortScanningByUrlRedirection:
options && options.stopPortScanningByUrlRedirection !== undefined
? options.stopPortScanningByUrlRedirection
: false
};

@@ -122,2 +130,17 @@ // override http.Agent#createConnection

agent.createConnection = (options: TcpNetConnectOpts, connectionListener?: (error?: Error) => void) => {
if (requestFilterOptions.stopPortScanningByUrlRedirection) {
// Prevents malicious user from identifying which ports are open
const { host, family } = options;
if (host && net.isIP(host)) {
const addr = ipaddr.parse(host);
const range = addr.range();
if (range !== "unicast") {
throw new Error(
`DNS lookup ${host}(family:${family}, host:${host}) is not allowed. Because, It is private IP address.`
);
}
}
}
const socket = createConnection.call(agent, options, () => {

@@ -124,0 +147,0 @@ // https://nodejs.org/api/net.html#net_socket_connect_options_connectlistener
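Review bot: The new early check in `agent.createConnection` decides on `addr.range() !== "unicast"` alone and never consults `requestFilterOptions.allowIPAddressList` or `denyIPAddressList`, both of which are populated a few lines above in the options object. With `stopPortScanningByUrlRedirection` enabled, a literal private address that the caller explicitly allow-listed is rejected here, while a deny-listed unicast literal still reaches `createConnection.call`, so for that address the open/closed port difference presumably stays observable. Consider gating the throw on the allow list, e.g. `if (range !== "unicast" && !requestFilterOptions.allowIPAddressList.includes(host)) {`, and applying the deny list at the same point. The message also says "DNS lookup" and "private IP address" although no lookup happened and the range may be loopback, multicast or reserved; `${host} (family:${family}) is not allowed: address range is ${range}` would be more accurate in logs. The function body continues outside the hunk, so the later lookup-time handling (which is what covers hostnames rather than IP literals) is not visible here.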

Sorry, the diff of this file is not supported yet
