From 5368d1bd4c23f777d72a547865129f46a23b968b Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Thu, 17 Aug 2023 18:29:24 +0000
Subject: [PATCH] middleware: Allow HTTP from localhost, not through a reverse proxy.

In servers with `application_server.http_only = true` and `loadbalancer.ips` set, the DetectProxyMisconfiguration middleware prevents access over HTTP from IP addresses other than the loadbalancer. However, this misses the case of access from localhost over HTTP, which is safe and expected -- for instance, the `email-mirror-postfix` script used in the email gateway[^1] will post to `http://localhost/` by default in such configurations. With the DetectProxyMisconfiguration installed, this will result in a 403 response. Make an exception for requests from `127.0.0.1` and `::1` from proxy-misconfiguration rejections. [^1]: https://zulip.readthedocs.io/en/latest/production/email-gateway.html
---
 zerver/middleware.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/zerver/middleware.py b/zerver/middleware.py
index 04ca9d57b5..2d5af32824 100644
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@@ -636,7 +636,16 @@ class DetectProxyMisconfiguration(MiddlewareMixin):
 # misconfigured, but we cannot distinguish this from a random
 # client which is providing proxy headers to a correctly
 # configured Zulip.
- if proxy_state_header != "" and not request.is_secure():
+ #
+ # There is a complication to the above logic -- we do expect
+ # that requests not through the proxy may happen from
+ # localhost over HTTP (e.g. the email gateway). Skip warnings
+ # if the remote IP is localhost.
+ if (
+ proxy_state_header != ""
+ and not request.is_secure()
+ and request.META["REMOTE_ADDR"] not in ("127.0.0.1", "::1")
+ ):
 raise ProxyMisconfigurationError(proxy_state_header)