Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dealing with Fake IP when using Clash #6137

Open
glfruit opened this issue Dec 13, 2022 · 6 comments
Open

Dealing with Fake IP when using Clash #6137

glfruit opened this issue Dec 13, 2022 · 6 comments

Comments

@glfruit
Copy link

glfruit commented Dec 13, 2022
edited by j0k3r

I run wallabag behind a Clash proxy, the problem is Clash always returns fake ip for any domain which wallbag uses to fetch content. Obviously this can't work because fake ip is just a private network address. Is there any way to make wallbag work properly with Clash?
@9k001
Copy link

9k001 commented Feb 28, 2024

I have the same problem as you. Have you made any progress on this problem?

@j0k3r j0k3r removed the Site Config label Feb 28, 2024
@j0k3r j0k3r changed the title Dealing with Fake IP Dealing with Fake IP when using Clash Feb 28, 2024
@9k001
Copy link

9k001 commented Feb 28, 2024

After my constant search, I found the cause of the problem.
At the beginning of the period, a discussion of security took place here. Server Side Request Forgery (SSRF)
The author of wallabag wrote a security plug-in . httplug-ssrf-plugin
Among them, some blocked IP are written here. Options.php
So, my solution is to comment out the settings about FakeIP.

# cp /var/www/wallabag/vendor/j0k3r/httplug-ssrf-plugin/src/Options.php /var/www/wallabag/vendor/j0k3r/httplug-ssrf-plugin/src/Options.php.bak
# vi /var/www/wallabag/vendor/j0k3r/httplug-ssrf-plugin/src/Options.php

        'blacklist' => [
            'ip' => [
                '0.0.0.0/8',
                '10.0.0.0/8',
                '100.64.0.0/10',
                '127.0.0.0/8',
                '169.254.0.0/16',
                '172.16.0.0/12',
                '192.0.0.0/29',
                '192.0.2.0/24',
                '192.88.99.0/24',
                '192.168.0.0/16',
                /**'198.18.0.0/15',*/
                '198.51.100.0/24',
                '203.0.113.0/24',
                '224.0.0.0/4',
                '240.0.0.0/4',
            ],

But I still want @j0k3r to pay attention to this problem. Modify the relevant code. After all, mounting files is only a temporary solution.

@j0k3r
Copy link
Member

j0k3r commented Feb 28, 2024

Yeah maybe we should allow end user to configure the blacklist ip array.

@9k001
Copy link

9k001 commented Feb 28, 2024

Yeah maybe we should allow end user to configure the blacklist ip array.

I think having a switch is a better choice. If it is a configuration item, there may be problems with input parameters.

@j0k3r
Copy link
Member

j0k3r commented Feb 28, 2024

What do you mean by having a switch?

@9k001
Copy link

9k001 commented Feb 28, 2024

What do you mean by having a switch?

Well, I use translation software. The switch has a button, which is opened to add the security setting, and off to cancel the security setting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@j0k3r @glfruit @9k001