* Allow restrictions based on Authorization header
Currently, server has only 2 types of restriction matcher: PathPrefix
and Any.
Lets augment the RestrictionConfig to also allow an Authorization Header
matcher; if such matcher is present, the Auth header in the websocket
upgrade request must match the regex set in the matcher.
This provides additional security benefit than using the PathPrefix
matcher in setups where wstunnel server sits behind a load-balancer or
a reverse proxy, where the request's path is logged by such systems.
* server/utils tests: Add test_validate_tunnel_with_auth
Tests MatchConfig::Authorization based restrictions.
This change adds a `port_mapping` option to the `ReverseTunnel` definition in the (YAML) restriction file.
It maps ports on the server side from X to Y (X:Y). Where X is the originally requested port by the client and Y is the port which will be used to listen on server-side.
For example with `10001:8080` configured and a client which connects using `-R tcp://10001:localhost:80` the server will listen on port 8080 instead of 10001. The originally requested ports (NOT the mapped ports) still needs to be allowed via the `ports` directive.
This is for example useful when dealing with lots of clients and you don't want to coordinate port use on all the clients but centrally on the server.
Erèbe - Romain Gerard