From d105ab11af00297a164abab2ab29e8f80f642a13 Mon Sep 17 00:00:00 2001
From: acetone
Date: Tue, 17 Jan 2023 08:45:18 +0300
Subject: [PATCH 1/2] Joining two strings to one and correct comments
---
 libi2pd_client/HTTPProxy.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libi2pd_client/HTTPProxy.cpp b/libi2pd_client/HTTPProxy.cpp
index a41320be..cecda2bb 100644
--- a/libi2pd_client/HTTPProxy.cpp
+++ b/libi2pd_client/HTTPProxy.cpp
@@ -333,7 +333,6 @@ namespace proxy {
 }
 else if (!i2p::client::context.GetAddressBook ().FindAddress (m_RequestURL.host) || m_Confirm)
 {
- // Referer check to prevent forced overwriting by link with "&update=true" from harmful URL
 const std::string referer_raw = m_ClientRequest.GetHeader("Referer");
 i2p::http::URL referer_url;
 if (!referer_raw.empty ())
@@ -342,6 +341,7 @@ namespace proxy {
 }
 if (m_RequestURL.host != referer_url.host)
 {
+ // Attempt to forced overwriting by link with "&update=true" from harmful URL
 if (m_Confirm)
 {
 LogPrint (eLogWarning, "HTTPProxy: Address update from addresshelper rejected for ", m_RequestURL.host, " (referer is ", m_RequestURL.host.empty() ? "empty" : "harmful", ")");
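Review bot: The warning just below the relocated comment (hunk at -342) chooses "empty" or "harmful" from `m_RequestURL.host.empty()`, but what is being judged here is the Referer. The request host was just used for the address-book lookup, so the "empty" branch looks unreachable and a request with no Referer would be logged as "harmful". Testing `referer_raw.empty() ? "empty" : "harmful"` instead would let an operator tell a stripped Referer from a cross-site forced update in the logs. The moved comment would also read more clearly as `// Referer mismatch: possible forced overwrite via a link carrying "&update=true"`. The `if (m_Confirm)` block continues past the end of the hunk.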
@@ -354,13 +354,13 @@ namespace proxy { ss << jump << "&update=true\">" << tr("Continue") << "."; GenericProxyInfo(tr("Addresshelper forced update rejected"), ss.str()); } + // Preventing unauthorized additions to the address book else { LogPrint (eLogDebug, "HTTPProxy: Adding address from addresshelper for ", m_RequestURL.host, " (generate refer-base page)"); std::string full_url = m_RequestURL.to_string(); std::stringstream ss; - ss << tr("To add host") << " " << m_RequestURL.host << " " << tr("in router's addressbook") << ", "; - ss << tr("click here") << ":"; + ss << tr("To add host" /*... in router's addressbook, click here */ ) << " " << m_RequestURL.host << " " << tr( /* To add host SOMESHORT.i2p ... */ "in router's addressbook, click here") << ":"; ss << " " << tr("Continue") << "."; GenericProxyInfo(tr("Addresshelper request"), ss.str()); From b290ee1aa04f2f5f4b7b418b6a78df924b197c6a Mon Sep 17 00:00:00 2001 From: acetone Date: Tue, 17 Jan 2023 09:00:11 +0300 Subject: [PATCH 2/2] Cfg example: verbose comments for Web Console auth and addresshelper for public proxy --- contrib/i2pd.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/i2pd.conf b/contrib/i2pd.conf index c65d2bee..c8baa046 100644 --- a/contrib/i2pd.conf +++ b/contrib/i2pd.conf @@ -122,6 +122,8 @@ port = 7070 ## Path to web console, default "/" # webroot = / ## Uncomment following lines to enable Web Console authentication +## You should not use Web Console via public networks without additional encryption. +## HTTP authentication is not encryption layer! # auth = true # user = i2pd # pass = changeme 
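Review bot: In the HTTPProxy.cpp hunk at -354, the rewritten `ss << tr("To add host" ...) << " " << m_RequestURL.host << ...` line streams the request host into the confirmation page as-is. The neighbouring `"&update=true\">"` fragment suggests this text is HTML, so unless the URL parser already restricts the characters a host may contain, the value should be HTML-escaped before it is written. Separately, the new `// Preventing unauthorized additions to the address book` comment sits between the closing `}` and `else`, where it reads as if it described the block above; it would be clearer as the first line inside the `else` body. The `else` block continues outside the hunk.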
@@ -139,6 +141,8 @@ port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat
 ## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
 # addresshelper = true
 ## Address of a proxy server inside I2P, which is used to visit regular Internet
 # outproxy = http://false.i2p