#24432: The meek<->moat tunneling isn't set up correctly
----------------------------------+--------------------------
 Reporter:  isis                  |          Owner:  isis
     Type:  defect                |         Status:  reopened
 Priority:  High                  |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  moat bridgedb-dist    |  Actual Points:
Parent ID:  #24689                |         Points:  2
 Reviewer:                        |        Sponsor:  SponsorM
----------------------------------+--------------------------

Comment (by isis):

 @mcs Thanks, I fixed the typos, the test script seems to be producing the same answers as your TB now.

 I've identified a couple more problems:

  1. The "id" field of the JSON that is sent by the client is decoded to a string (e.g. `"2"` ''not'' `2`). (Whooooooo duck-typing FTL.) This is fixed in my `fix/24432-json-str` branch.

  2. Either the meek-reflector or the meek-server or the Apache server is changing the `X-Forwarded-For` header from `"X-Forwarded-For: 1.2.3.4"` to `"X-Forwarded-For: 1.2.3.4, 127.0.0.1"`. This is unfortunate, as it means that we're not able to get accurate IP information about the client to use for anti-scraping protections (also it bungles the security of the CAPTCHAs because it also means clients can "trade" CAPTCHAs and solutions). There is a temporary "fix" for this in my `fix/24432-ignore-loopback` branch, which simply skips loopback addresses while parsing the `X-Forwarded-For` headers. Eventually we'll need to find which piece of infrastructure is setting the IP to 127.0.0.1 and change it to report the client's actual IP, then disable this fix (there's a config option). :/

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24432#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
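
Added example, not part of the ticket and not the code in the `fix/24432-ignore-loopback` branch: a Python illustration of parsing `X-Forwarded-For` while skipping loopback hops, as comment 28 describes, next to the result when loopback is not skipped. The function names, the `skip_loopback` switch and the sample headers are assumptions made for illustration.

```python
import ipaddress


def _parse(token):
    """Return an ip_address object for one header token, or None if invalid."""
    try:
        addr = ipaddress.ip_address(token.strip())
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the loopback check
    # sees 127.0.0.1 on every Python version.
    return getattr(addr, "ipv4_mapped", None) or addr


def client_ip_from_xff(header, skip_loopback=True):
    """Pick the client address from an X-Forwarded-For value (hypothetical helper).

    Entries are read right to left, because each proxy appends the peer it
    saw; the rightmost entries are the ones our own infrastructure wrote.
    With skip_loopback set, loopback hops (127.0.0.0/8, ::1) are passed
    over. Returns a string, or None if no usable address is found.
    """
    for token in reversed(header.split(",")):
        addr = _parse(token)
        if addr is None:
            return None  # malformed entry: fail closed rather than guess
        if skip_loopback and addr.is_loopback:
            continue
        return str(addr)
    return None


# Constructed sample headers (the first two are the values quoted in the
# comment; none of this is captured traffic).
BEFORE = "1.2.3.4"
AFTER = "1.2.3.4, 127.0.0.1"

if __name__ == "__main__":
    for hdr in (BEFORE, AFTER, "5.6.7.8, ::1", "garbage, 127.0.0.1"):
        print(repr(hdr), "->",
              "no skip:", client_ip_from_xff(hdr, skip_loopback=False),
              "| skip:", client_ip_from_xff(hdr, skip_loopback=True))
```

Without the skip, every request carrying the rewritten header resolves to 127.0.0.1, so per-client rate limits and CAPTCHA binding cannot tell clients apart. With the skip, the address returned is only as reliable as the hop that wrote the entry to the left of the loopback one.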