Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose SSRF mitigation #15247

Merged
merged 1 commit into from
Aug 4, 2021
Merged

Expose SSRF mitigation #15247

merged 1 commit into from
Aug 4, 2021

Conversation

SF73
Copy link
Contributor

@SF73 SF73 commented Jul 29, 2021
edited
Loading

I exposed the ssrf_mitigation option of libtorrent both in the client and in the webUI.

when enabled, tracker and web seed requests are subject to certain restrictions.
An HTTP(s) tracker requests to localhost (loopback) must have the request path start with "/announce". This is the conventional bittorrent tracker request. Any other HTTP(S) tracker request to loopback will be rejected. This applies to trackers that redirect to loopback as well.

I checked on Windows and after deactivating this option I was able to connect to trackers using passkey i.e http://tracker.notworking.com:8080/PassKeyGoesHere/announce with an HTTP proxy running locally.

Probably closes #14260

@glassez glassez changed the title Expose ssrf mitigation Expose SSRF mitigation Jul 30, 2021
Chocobo1
Chocobo1 reviewed Jul 31, 2021
View reviewed changes
Copy link
Member

@Chocobo1 Chocobo1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also please squash all your commits into one.

src/base/bittorrent/session.cpp Outdated Show resolved Hide resolved
src/base/bittorrent/session.cpp Outdated Show resolved Hide resolved
src/gui/advancedsettings.cpp Outdated Show resolved Hide resolved
src/gui/advancedsettings.cpp Outdated Show resolved Hide resolved
src/gui/advancedsettings.cpp Outdated Show resolved Hide resolved
src/base/bittorrent/session.h Outdated Show resolved Hide resolved
src/base/bittorrent/session.cpp Outdated Show resolved Hide resolved
src/webui/api/appcontroller.cpp Outdated Show resolved Hide resolved
src/webui/www/private/views/preferences.html Outdated Show resolved Hide resolved
src/gui/advancedsettings.cpp Outdated Show resolved Hide resolved
@Chocobo1 Chocobo1 added this to the 4.4.0 milestone Jul 31, 2021
@Chocobo1 Chocobo1 merged commit e87f8f5 into qbittorrent:master Aug 4, 2021
@Chocobo1
Copy link
Member

Chocobo1 commented Aug 4, 2021

@SF73
Thank you!

@SF73 SF73 mentioned this pull request Aug 5, 2021
Closed
@xavier2k6 xavier2k6 mentioned this pull request Aug 9, 2021
Merged
xavier2k6 pushed a commit to xavier2k6/qBittorrent that referenced this pull request Aug 10, 2021
@SF73 @xavier2k6
Expose SSRF mitigation (qbittorrent#15247)
b0758ed
Chocobo1 pushed a commit that referenced this pull request Aug 21, 2021
@SF73 @Chocobo1
Expose SSRF mitigation (#15247)
078cfe6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glassez glassez glassez approved these changes

@Chocobo1 Chocobo1 Chocobo1 approved these changes

Assignees
No one assigned
Labels
Core Libtorrent
Projects
None yet
Milestone
4.4.0
4 participants
@SF73 @Chocobo1 @glassez @FranciscoPombal