archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

hardening(proxy): don't proxy private IP addresses

Browse source 
...by default.

This is useful when `RelayDomainNamePattern` is lax (e.g. just "$")
(which is not the case by default, so this is simply
a hardening measure).
This commit is contained in:
WofWca 2024-08-31 22:05:34 +04:00 committed by Shelikhoo
parent 399bda5257
commit 94c6089cdd
No known key found for this signature in database
GPG key ID: 4C9764E9FE80A3DC
4 changed files with 45 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
proxy/README.md
View file

@ -31,6 +31,9 @@ The Snowflake proxy can be run with the following options:
Usage of ./proxy:
-allow-non-tls-relay
allow relay without tls encryption
-allow-proxying-to-private-addresses
allow forwarding client connections to private IP addresses.
Useful when a Snowflake server (relay) is hosted on the same private network as this proxy.
-allowed-relay-hostname-pattern string
a pattern to specify allowed hostname pattern for relay URL. (default "snowflake.torproject.net$")
-broker string