Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/httpproxy: useProxy rejects localhost/loopback addresses unnecessarily #51416

Open
ianw opened this issue Mar 1, 2022 · 4 comments
Open

x/net/httpproxy: useProxy rejects localhost/loopback addresses unnecessarily #51416

ianw opened this issue Mar 1, 2022 · 4 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@ianw
Copy link

ianw commented Mar 1, 2022

The useProxy function automatically returns false if it decides the target host is localhost or a loopback address @ https://cs.opensource.google/go/x/net/+/master:http/httpproxy/proxy.go;drc=c6ed85c7a12db1bd15e993fd3ae4700b2e9f2c84

if host == "localhost" {
	return false
}
ip := net.ParseIP(host)
if ip != nil {
	if ip.IsLoopback() {
		return false
	}
}

It appears to be just about the only proxy implementation that does this. A good gitlab blog has done a comparison at https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/

There seem to be many valid cases for wanting communications to localhost also proxied. For example, I have setup a docker registry I would like to test listening at localhost:9000 and wish to usemitmproxy on port 8080 to dump the traffic between a client and this testing registry, to analyse the API calls the client is making.

If you do the obvious thing of setting up docker to use http_proxy=http://localhost:8080 the traffic is never proxied to localhost:9000. I'm not sure anyone really expects this; for example even the docker proxy information page https://docs.docker.com/network/proxy/ examples are showing setting 127.0.0.0/8 in the noProxy (maybe it works differently on Windows, where you do require this to not proxy localhost? That seems to make the difference just even more confusing. Searching shows plenty of other examples of people not assuming that localhost/127* are being excluded automatically).

Perhaps there are older comments, I wasn't sure how to track back further than https://cs.opensource.google/go/x/net/+/c7086645de248775cbf2373cf5ca4d2fa664b8c1

Is there any reason why this loopback avoidance shouldn't just be removed in favour of just obeying what is in no_proxy, to bring this in line with most other implementations?
@gopherbot gopherbot added this to the Unreleased milestone Mar 1, 2022
@cagedmantis cagedmantis changed the title x/net: http/httpproxy/proxy.go : useProxy rejects localhost/loopback addresses unnecessarily x/net/httpproxy: useProxy rejects localhost/loopback addresses unnecessarily Mar 7, 2022
@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 7, 2022
@cagedmantis
Copy link
Contributor

cc @neild @ianlancetaylor

@p53
Copy link

p53 commented Apr 5, 2024

i stumbled on this problem, i wanted to use ProxyFunc in my project to not duplicate PROXY/NO_PROXY functionality and standardise but i am unable to write local tests for this because of localhost restriction

@p53 p53 mentioned this issue Apr 9, 2024
Open
p53 pushed a commit to p53/net that referenced this issue Apr 9, 2024
net/httpproxy: remove loopback check in useProxy func Fixes golang/go…
2d3c203 
…#51416
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/577535 mentions this issue: net/httpproxy: remove loopback check in useProxy func Fixes golang/go#51416

@p53
Copy link

p53 commented Apr 17, 2024

also how would one use e.g. sidecar in pod which would use this function wanting to listen on localhost...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@ianw @cagedmantis @p53 @gopherbot