am-wd/common
1
0
Fork 0
Code Actions Activity

Fixing IPNetwork for .NET 10

Browse Source
This commit is contained in:
Andreas Müller
2025-11-13 21:01:50 +01:00
parent f6f4bc085f
commit 3698452e92
3 changed files with 107 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/AMWD.Common.AspNetCore/Attributes/IPAllowListAttribute.cs
View File

@@ -3,7 +3,12 @@ using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
#if NET10_0_OR_GREATER
using IPNetwork = System.Net.IPNetwork;
#else
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
#endif
namespace Microsoft.AspNetCore.Mvc.Filters
{

5
src/AMWD.Common.AspNetCore/Attributes/IPBlockListAttribute.cs
View File

@@ -3,7 +3,12 @@ using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
#if NET10_0_OR_GREATER
using IPNetwork = System.Net.IPNetwork;
#else
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
#endif
namespace Microsoft.AspNetCore.Mvc.Filters
{

130
src/AMWD.Common.AspNetCore/Extensions/ApplicationBuilderExtensions.cs
View File

@@ -2,7 +2,12 @@
using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
#if NET10_0_OR_GREATER
using IPNetwork = System.Net.IPNetwork;
#else
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
#endif
namespace Microsoft.AspNetCore.Builder
{
@@ -19,9 +24,9 @@ namespace Microsoft.AspNetCore.Builder
/// A base path (e.g. running in a sub-directory /app) for the application can be defined via <c>ASPNETCORE_APPL_PATH</c> environment variable.
/// <br/>
/// <br/>
/// Additionally you can specify the proxy server by using <paramref name="address"/> or a <paramref name="network"/> when there are multiple proxy servers.
/// Additionally you can specify the proxy server by using <paramref name="proxyAddress"/> or a <paramref name="proxyNetwork"/> when there are multiple proxy servers.
/// <br/>
/// When neither <paramref name="address"/> nor <paramref name="network"/> is set, the default subnets are configured:
/// When neither <paramref name="proxyAddress"/> nor <paramref name="proxyNetwork"/> is set, the default subnets are configured:
/// <list type="bullet">
/// <item><c>127.0.0.0/8</c></item>
/// <item><c>::1/128</c></item>
@@ -32,49 +37,108 @@ namespace Microsoft.AspNetCore.Builder
/// <item><c>fd00::/8</c></item>
/// </list>
/// </remarks>
/// <param name="app">The application builder.</param>
/// <param name="network">The <see cref="IPNetwork"/> where proxy requests are received from (optional).</param>
/// <param name="address">The <see cref="IPAddress"/> where proxy requests are received from (optional).</param>
/// <param name="appBuilder">The application builder.</param>
/// <param name="proxyNetwork">The <see cref="IPNetwork"/> where proxy requests are received from (optional).</param>
/// <param name="proxyAddress">The <see cref="IPAddress"/> where proxy requests are received from (optional).</param>
/// <param name="basePath">A custom base path (optional, <c>ASPNETCORE_APPL_PATH</c> is prefererred).</param>
public static IApplicationBuilder UseProxyHosting(this IApplicationBuilder app, IPNetwork network = null, IPAddress address = null, string basePath = null)
#if NET10_0_OR_GREATER
public static IApplicationBuilder UseProxyHosting(this IApplicationBuilder appBuilder, IPNetwork? proxyNetwork = null, IPAddress proxyAddress = null, string basePath = null)
#else
public static IApplicationBuilder UseProxyHosting(this IApplicationBuilder appBuilder, IPNetwork proxyNetwork = null, IPAddress proxyAddress = null, string basePath = null)
#endif
{
string path = Environment.GetEnvironmentVariable("ASPNETCORE_APPL_PATH");
if (string.IsNullOrWhiteSpace(path))
path = basePath;
string envPath = Environment.GetEnvironmentVariable("ASPNETCORE_APPL_PATH");
string envProxy = Environment.GetEnvironmentVariable("ASPNETCORE_APPL_PROXY");
if (!string.IsNullOrWhiteSpace(path))
app.UsePathBase(new PathString(path));
if (string.IsNullOrWhiteSpace(envPath))
envPath = basePath;
var options = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.All };
options.KnownProxies.Clear();
options.KnownNetworks.Clear();
// Set PathBase from environment variable when available.
// This allows the application to be hosted behind a reverse proxy with a specific sub-path.
if (!string.IsNullOrWhiteSpace(envPath))
appBuilder.UsePathBase(new PathString(envPath));
if (network == null && address == null)
// Configure Forwarded Headers to correctly handle reverse proxy scenarios.
var forwardedHeadersOptions = new ForwardedHeadersOptions
{
// localhost
options.KnownNetworks.Add(new IPNetwork(IPAddress.Loopback, 8));
options.KnownNetworks.Add(new IPNetwork(IPAddress.IPv6Loopback, 128));
ForwardedHeaders = ForwardedHeaders.All
};
// private IPv4 networks
// see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.0.0.0"), 8));
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("172.16.0.0"), 12));
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("192.168.0.0"), 16));
// Reset KnownProxies and KnownNetworks to avoid default restrictions.
forwardedHeadersOptions.KnownProxies.Clear();
// private IPv6 networks
// see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("fd00::"), 8));
#if NET10_0_OR_GREATER
forwardedHeadersOptions.KnownIPNetworks.Clear();
#else
forwardedHeadersOptions.KnownNetworks.Clear();
#endif
// If no specific proxy address or network is provided, use environment variable or defaults.
if (proxyAddress == null && proxyNetwork == null)
{
if (string.IsNullOrWhiteSpace(envProxy))
{
#if NET10_0_OR_GREATER
// Always trust localhost.
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("127.0.0.0/8"));
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("::1/128"));
// Trust common private network ranges.
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("10.0.0.0/8"));
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("172.16.0.0/12"));
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("192.168.0.0/16"));
forwardedHeadersOptions.KnownIPNetworks.Add(IPNetwork.Parse("fd00::/8"));
#else
// Always trust localhost.
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("127.0.0.0/8"));
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("::1/128"));
// Trust common private network ranges.
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("10.0.0.0/8"));
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("172.16.0.0/12"));
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("192.168.0.0/16"));
forwardedHeadersOptions.KnownNetworks.Add(IPNetwork.Parse("fd00::/8"));
#endif
}
else
{
// Try to parse proxies from environment variable.
string[] envProxies = envProxy.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
foreach (string proxy in envProxies)
{
if (IPAddress.TryParse(proxy, out var address))
{
forwardedHeadersOptions.KnownProxies.Add(address);
continue;
}
if (IPNetwork.TryParse(proxy, out var network))
{
#if NET10_0_OR_GREATER
forwardedHeadersOptions.KnownIPNetworks.Add(network);
#else
forwardedHeadersOptions.KnownNetworks.Add(network);
#endif
continue;
}
}
}
}
if (network != null)
options.KnownNetworks.Add(network);
if (proxyAddress != null)
forwardedHeadersOptions.KnownProxies.Add(proxyAddress);
if (address != null)
options.KnownProxies.Add(address);
#if NET10_0_OR_GREATER
if (proxyNetwork.HasValue)
forwardedHeadersOptions.KnownIPNetworks.Add(proxyNetwork.Value);
#else
if (proxyNetwork != null)
forwardedHeadersOptions.KnownNetworks.Add(proxyNetwork);
#endif
app.UseForwardedHeaders(options);
return app;
appBuilder.UseForwardedHeaders(forwardedHeadersOptions);
return appBuilder;
}
}
}