feat: add KnownIPNetworks

WeihanLi · WeihanLi · commit 8795915d58eb · 2025-07-18T08:44:06.000+08:00
diff --git a/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs b/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
@@ -213,7 +213,9 @@ public void ApplyForwarders(HttpContext context)
             // Host and Scheme initial values are never inspected, no need to set them here.
         };
 
-        var checkKnownIps = _options.KnownNetworks.Count > 0 || _options.KnownProxies.Count > 0;
+#pragma warning disable CS0618 // Type or member is obsolete
+        var checkKnownIps = _options.KnownIPNetworks.Count > 0 || _options.KnownNetworks.Count > 0 || _options.KnownProxies.Count > 0;
+#pragma warning restore CS0618 // Type or member is obsolete
         bool applyChanges = false;
         int entriesConsumed = 0;
 
@@ -399,13 +401,22 @@ private bool CheckKnownAddress(IPAddress address)
         {
             return true;
         }
+        foreach (var network in _options.KnownIPNetworks)
+        {
+            if (network.Contains(address))
+            {
+                return true;
+            }
+        }
+#pragma warning disable CS0618 // Type or member is obsolete
         foreach (var network in _options.KnownNetworks)
         {
             if (network.Contains(address))
             {
                 return true;
             }
         }
+#pragma warning restore CS0618 // Type or member is obsolete
         return false;
     }
 
diff --git a/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs b/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using Microsoft.AspNetCore.HttpOverrides;
+using AspNetIPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
 using IPAddress = System.Net.IPAddress;
 using IPNetwork = System.Net.IPNetwork;
 
@@ -84,7 +85,13 @@ public class ForwardedHeadersOptions
     /// <summary>
     /// Address ranges of known proxies to accept forwarded headers from.
     /// </summary>
-    public IList<IPNetwork> KnownNetworks { get; } = new List<IPNetwork>() { new IPNetwork(IPAddress.Loopback, 8) };
+    [Obsolete("Please use KnownIPNetworks instead")]
+    public IList<AspNetIPNetwork> KnownNetworks { get; } = new List<AspNetIPNetwork>() { new AspNetIPNetwork(IPAddress.Loopback, 8) };
+
+    /// <summary>
+    /// Address ranges of known proxies to accept forwarded headers from.
+    /// </summary>
+    public IList<IPNetwork> KnownIPNetworks { get; } = new List<IPNetwork>() { new IPNetwork(IPAddress.Loopback, 8) };
 
     /// <summary>
     /// The allowed values from x-forwarded-host. If the list is empty then all hosts are allowed.
diff --git a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs
@@ -120,7 +120,7 @@ public async Task XForwardedForForwardLimit(int limit, string header, string exp
                         ForwardLimit = limit,
                     };
                     options.KnownProxies.Clear();
-                    options.KnownNetworks.Clear();
+                    options.KnownIPNetworks.Clear();
                     app.UseForwardedHeaders(options);
                 });
             }).Build();
@@ -861,7 +861,7 @@ public async Task XForwardedProtoOverrideLimitedByLoopback(string protoHeader, s
                     };
                     if (!loopback)
                     {
-                        options.KnownNetworks.Clear();
+                        options.KnownIPNetworks.Clear();
                         options.KnownProxies.Clear();
                     }
                     app.UseForwardedHeaders(options);
@@ -888,7 +888,7 @@ public void AllForwardsDisabledByDefault()
         var options = new ForwardedHeadersOptions();
         Assert.True(options.ForwardedHeaders == ForwardedHeaders.None);
         Assert.Equal(1, options.ForwardLimit);
-        Assert.Single(options.KnownNetworks);
+        Assert.Single(options.KnownIPNetworks);
         Assert.Single(options.KnownProxies);
     }
 
@@ -1092,7 +1092,7 @@ public async Task XForwardForIPv4ToIPv6Mapping(string forHeader, string knownPro
             var knownNetworkParts = knownNetwork.Split('/');
             var networkIp = IPAddress.Parse(knownNetworkParts[0]);
             var prefixLength = int.Parse(knownNetworkParts[1], CultureInfo.InvariantCulture);
-            options.KnownNetworks.Add(new System.Net.IPNetwork(networkIp, prefixLength));
+            options.KnownIPNetworks.Add(new System.Net.IPNetwork(networkIp, prefixLength));
         }
 
         using var host = new HostBuilder()
@@ -1134,7 +1134,7 @@ public async Task ForwardersWithDIOptionsRunsOnce(int limit, string header, stri
                     {
                         options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
                         options.KnownProxies.Clear();
-                        options.KnownNetworks.Clear();
+                        options.KnownIPNetworks.Clear();
                         options.ForwardLimit = limit;
                     });
                 })
@@ -1176,7 +1176,7 @@ public async Task ForwardersWithDirectOptionsRunsTwice(int limit, string header,
                         ForwardLimit = limit,
                     };
                     options.KnownProxies.Clear();
-                    options.KnownNetworks.Clear();
+                    options.KnownIPNetworks.Clear();
                     app.UseForwardedHeaders(options);
                     app.UseForwardedHeaders(options);
                 });

Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,9 @@ public void ApplyForwarders(HttpContext context)`
`213`	`213`	`// Host and Scheme initial values are never inspected, no need to set them here.`
`214`	`214`	`};`
`215`	`215`
`216`		`- var checkKnownIps = _options.KnownNetworks.Count > 0 \|\| _options.KnownProxies.Count > 0;`
	`216`	`+#pragma warning disable CS0618 // Type or member is obsolete`
	`217`	`+ var checkKnownIps = _options.KnownIPNetworks.Count > 0 \|\| _options.KnownNetworks.Count > 0 \|\| _options.KnownProxies.Count > 0;`
	`218`	`+#pragma warning restore CS0618 // Type or member is obsolete`
`217`	`219`	`bool applyChanges = false;`
`218`	`220`	`int entriesConsumed = 0;`
`219`	`221`
`@@ -399,13 +401,22 @@ private bool CheckKnownAddress(IPAddress address)`
`399`	`401`	`{`
`400`	`402`	`return true;`
`401`	`403`	`}`
	`404`	`+ foreach (var network in _options.KnownIPNetworks)`
	`405`	`+ {`
	`406`	`+ if (network.Contains(address))`
	`407`	`+ {`
	`408`	`+ return true;`
	`409`	`+ }`
	`410`	`+ }`
	`411`	`+#pragma warning disable CS0618 // Type or member is obsolete`
`402`	`412`	`foreach (var network in _options.KnownNetworks)`
`403`	`413`	`{`
`404`	`414`	`if (network.Contains(address))`
`405`	`415`	`{`
`406`	`416`	`return true;`
`407`	`417`	`}`
`408`	`418`	`}`
	`419`	`+#pragma warning restore CS0618 // Type or member is obsolete`
`409`	`420`	`return false;`
`410`	`421`	`}`
`411`	`422`