Commit Graph

6 Commits

Author SHA1 Message Date
Erèbe - Romain Gerard 97ddf47978 Update restrictions.yaml with Unix socket rule
Added restriction for reverse tunnel on Unix socket.
2025-11-26 09:10:19 +01:00
Shmulik Ladkani e1205b72b8 Allow restrictions based on Authorization header (#428)
* Allow restrictions based on Authorization header

Currently, server has only 2 types of restriction matcher: PathPrefix
and Any.

Lets augment the RestrictionConfig to also allow an Authorization Header
matcher; if such matcher is present, the Auth header in the websocket
upgrade request must match the regex set in the matcher.

This provides additional security benefit than using the PathPrefix
matcher in setups where wstunnel server sits behind a load-balancer or
a reverse proxy, where the request's path is logged by such systems.

* server/utils tests: Add test_validate_tunnel_with_auth

Tests MatchConfig::Authorization based restrictions.
2025-05-07 17:41:22 +02:00
Jasper Siepkes c09c349610 Add option to map (force) port use on the server for reverse tunnels. (#274)
This change adds a `port_mapping` option to the `ReverseTunnel` definition in the (YAML) restriction file.

It maps ports on the server side from X to Y (X:Y). Where X is the originally requested port by the client and Y is the port which will be used to listen on server-side.

For example with `10001:8080` configured and a client which connects using `-R tcp://10001:localhost:80` the server will listen on port 8080 instead of 10001. The originally requested ports (NOT the mapped ports) still needs to be allowed via the `ports` directive.

This is for example useful when dealing with lots of clients and you don't want to coordinate port use on all the clients but centrally on the server.
2024-05-22 16:13:58 +02:00
Σrebe - Romain GERARD 368f6657fd Turn match in restriction config into a list 2024-05-01 09:17:37 +02:00
Σrebe - Romain GERARD 3c84c59a11 Allow multiple ports in restriction file 2024-04-29 08:43:08 +02:00
Σrebe - Romain GERARD 8a228248d7 Add config file for restrictions 2024-04-28 00:07:57 +02:00