Add "fail secure" mode and client timeout#119
Closed
timonorawski wants to merge 5 commits intowillnorris:masterfrom
Closed
Add "fail secure" mode and client timeout#119timonorawski wants to merge 5 commits intowillnorris:masterfrom
timonorawski wants to merge 5 commits intowillnorris:masterfrom
Conversation
…tream servers are nonresponsive Add Fail Secure mode switchable via --secure -- which will prevent accidental proxying of remote targets that are not images.
…n open proxy when no transform specified.
…mpting to decode image unnecessarily
…t inside the Transform. Preserve previous functionality of just returning the target data if the FailSecure flag is not set. Transform: If FailSecure is set and no transform is specified, test whether the image is parseable before returning its raw bytes.
Owner
j-mcnally
pushed a commit
to Chowly/imageproxy
that referenced
this pull request
Feb 6, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a -failsecure command line parameter that ensures that the target content is always verified to in fact be an image before returning it to the requester - existing functionality acts as an open http proxy with potential for abuse. Note: added this as a command line option so as not to break existing use cases that may depend on the open proxy logic (i.e. using imageproxy as a backend cache for non-image files).
examples:
http://localhost:8080/600x/https://www.google.com
http://localhost:8080/https://www.cnn.com
applies the Timeout parameter to the http client as well as the server, so as not to leave open connections potentially consuming system resources after we have given up requesting from a slow upstream server.
e.g. run a nonresponsive http server and then try to imageproxy it
http://localhost:8080/200x/http://localhost:10000/test.jpg
unresponsivevserver.go:
package main
import (
"net/http"
"time"
"log"
)
func main() {
svr := &http.Server{
Addr:":10000",
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
time.Sleep(time.Hour)
}),
}
log.Fatal(svr.ListenAndServe())
}