add setting to disable reflective IP address detection #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some users may need to disable reflective IP address detection in some self-hosted scenarios. * The server is run inside a private network and the server has no access to the Internet. * The server is run within a hostile network environment. The operator does not wish adversaries to gain knowledge that a geph4-exit is more likely to exist on a device. (HTTP communication with checkip.amazonaws.com, HTTP User-Agent: ureq/1.5.5) * The operator does not wish Amazon to gain knowledge that a geph4-exit is more likely to exist on a network location. This new setting keeps the default behaviour unchanged while allowing the user to define if geph4-exit should contact an external service to determine reflective IP address.
|
The ASN database file is also downloaded automatically with no way to disable or prevent without patching the source. It does not serve an essential purpose unless the user is routing the traffic based on destination IP ASN, and even then, it could have been loaded from a file, instead of a network position. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some users may need to disable reflective IP address detection in some self-hosted scenarios.
This new setting keeps the default behaviour unchanged while allowing the user to define if geph4-exit should contact an external service to determine reflective IP address.
This is an individual contribution and does not represent affiliated organizations in any way.