Fix ipv6 handling in redirect middleware

2025-11-24 04:01:43 +01:00 · 2020-06-17 01:10:04 +02:00 · 2020-06-17 01:10:04 +02:00 · e5e46bf4ed
commit e5e46bf4ed
parent 9f32292473
11 changed files with 49 additions and 11 deletions
--- a/integration/testdata/rawdata-consul.json
+++ b/integration/testdata/rawdata-consul.json
@ -86,7 +86,7 @@
    },
    "dashboard_redirect@internal": {
      "redirectRegex": {
-        "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+        "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
        "replacement": "${1}/dashboard/",
        "permanent": true
      },
--- a/integration/testdata/rawdata-etcd.json
+++ b/integration/testdata/rawdata-etcd.json
@ -86,7 +86,7 @@
    },
    "dashboard_redirect@internal": {
      "redirectRegex": {
-        "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+        "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
        "replacement": "${1}/dashboard/",
        "permanent": true
      },
--- a/integration/testdata/rawdata-ingress.json
+++ b/integration/testdata/rawdata-ingress.json
@ -54,7 +54,7 @@
 	"middlewares": {
 		"dashboard_redirect@internal": {
 			"redirectRegex": {
-				"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+				"regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
 				"replacement": "${1}/dashboard/",
 				"permanent": true
 			},
--- a/integration/testdata/rawdata-redis.json
+++ b/integration/testdata/rawdata-redis.json
@ -86,7 +86,7 @@
    },
    "dashboard_redirect@internal": {
      "redirectRegex": {
-        "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+        "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
        "replacement": "${1}/dashboard/",
        "permanent": true
      },
--- a/integration/testdata/rawdata-zk.json
+++ b/integration/testdata/rawdata-zk.json
@ -86,7 +86,7 @@
    },
    "dashboard_redirect@internal": {
      "redirectRegex": {
-        "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+        "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
        "replacement": "${1}/dashboard/",
        "permanent": true
      },
--- a/pkg/middlewares/redirect/redirect.go
+++ b/pkg/middlewares/redirect/redirect.go
@ -115,7 +115,7 @@ func rawURL(req *http.Request) string {
 	port := ""
 	uri := req.RequestURI

-	schemeRegex := `^(https?):\/\/([\w\._-]+)(:\d+)?(.*)$`
+	schemeRegex := `^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
 	re, _ := regexp.Compile(schemeRegex)
 	if re.Match([]byte(req.RequestURI)) {
 		match := re.FindStringSubmatch(req.RequestURI)
--- a/pkg/middlewares/redirect/redirect_scheme.go
+++ b/pkg/middlewares/redirect/redirect_scheme.go
@ -12,7 +12,7 @@ import (

 const (
 	typeSchemeName      = "RedirectScheme"
-	schemeRedirectRegex = `^(https?:\/\/)?([\w\._-]+)(:\d+)?(.*)$`
+	schemeRedirectRegex = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
 )

 // NewRedirectScheme creates a new RedirectScheme middleware.
--- a/pkg/middlewares/redirect/redirect_scheme_test.go
+++ b/pkg/middlewares/redirect/redirect_scheme_test.go
@ -186,6 +186,44 @@ func TestRedirectSchemeHandler(t *testing.T) {
 			expectedURL:    "https://foo",
 			expectedStatus: http.StatusFound,
 		},
+		{
+			desc: "IPV6 HTTP to HTTPS redirection without port",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url:            "http://[::1]",
+			expectedURL:    "https://[::1]",
+			expectedStatus: http.StatusFound,
+		},
+		{
+			desc: "IPV6 HTTP to HTTPS redirection with port",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+				Port:   "8443",
+			},
+			url:            "http://[::1]",
+			expectedURL:    "https://[::1]:8443",
+			expectedStatus: http.StatusFound,
+		},
+		{
+			desc: "IPV6 HTTP with port 80 to HTTPS redirection without port",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url:            "http://[::1]:80",
+			expectedURL:    "https://[::1]",
+			expectedStatus: http.StatusFound,
+		},
+		{
+			desc: "IPV6 HTTP with port 80 to HTTPS redirection with port",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+				Port:   "8443",
+			},
+			url:            "http://[::1]:80",
+			expectedURL:    "https://[::1]:8443",
+			expectedStatus: http.StatusFound,
+		},
 	}

 	for _, test := range testCases {
@ -235,7 +273,7 @@ func TestRedirectSchemeHandler(t *testing.T) {
 					require.Errorf(t, err, "Location %v", location)
 				}

-				schemeRegex := `^(https?):\/\/([\w\._-]+)(:\d+)?(.*)$`
+				schemeRegex := `^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
 				re, _ := regexp.Compile(schemeRegex)

 				if re.Match([]byte(test.url)) {
--- a/pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
+++ b/pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
@ -25,7 +25,7 @@
    "middlewares": {
      "dashboard_redirect": {
        "redirectRegex": {
-          "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+          "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
          "replacement": "${1}/dashboard/",
          "permanent": true
        }
--- a/pkg/provider/traefik/fixtures/full_configuration.json
+++ b/pkg/provider/traefik/fixtures/full_configuration.json
@ -57,7 +57,7 @@
    "middlewares": {
      "dashboard_redirect": {
        "redirectRegex": {
-          "regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
+          "regex": "^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$",
          "replacement": "${1}/dashboard/",
          "permanent": true
        }
--- a/pkg/provider/traefik/internal.go
+++ b/pkg/provider/traefik/internal.go
@ -197,7 +197,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {

 			cfg.HTTP.Middlewares["dashboard_redirect"] = &dynamic.Middleware{
 				RedirectRegex: &dynamic.RedirectRegex{
-					Regex:       `^(http:\/\/[^:\/]+(:\d+)?)\/$`,
+					Regex:       `^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$`,
 					Replacement: "${1}/dashboard/",
 					Permanent:   true,
 				},