C#: How can I automatically determine KnownNetworks for an ASP.NET Core application running in Kubernetes with an in-cluster reverse proxy?

I'm running an ASP.NET Core API behind a reverse proxy in Kubernetes, which sends the X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host headers.

I found that I need to use UseForwardedHeaders() to accept the values from the proxy, so I wrote the following code:

    // Requires: using System.Net; using Microsoft.AspNetCore.Builder;
    // using Microsoft.AspNetCore.HttpOverrides; (IPNetwork here is the HttpOverrides type)
    var forwardedOptions = new ForwardedHeadersOptions()
    {
        ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All
    };
    forwardedOptions.KnownNetworks.Add(new IPNetwork(IPAddress.Parse(configuration["network:address"]), int.Parse(configuration["network:cidrMask"])));
    app.UseForwardedHeaders(forwardedOptions);

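I'm running both my API and the reverse proxy in Kubernetes, and the API is only visible within the cluster. Because of this, I'm not concerned about someone on the cluster network spoofing the headers. What I'd like to do is automatically detect the cluster's internal subnet and add it to the KnownNetworks list. Is this possible? If so, how?

I created a method that calculates the start of the range and the CIDR subnet mask for each active interface: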

    // Requires: using System; using System.Collections; using System.Collections.Generic;
    // using System.Linq; using System.Net; using System.Net.NetworkInformation;
    // using Microsoft.AspNetCore.HttpOverrides;
    private static IEnumerable<IPNetwork> GetNetworks(NetworkInterfaceType type)
    {
        foreach (var item in NetworkInterface.GetAllNetworkInterfaces()
            .Where(n => n.NetworkInterfaceType == type && n.OperationalStatus == OperationalStatus.Up) // get all operational networks of a given type
            .Select(n => n.GetIPProperties()) // get the IPs
            .Where(n => n.GatewayAddresses.Any())) // where the IPs have a gateway defined
        {
            var ipInfo = item.UnicastAddresses.FirstOrDefault(i => i.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork); // get the first cluster-facing IP address
            if (ipInfo == null) { continue; }

            // convert the mask to bits
            var maskBytes = ipInfo.IPv4Mask.GetAddressBytes();
            if (!BitConverter.IsLittleEndian)
            {
                Array.Reverse(maskBytes);
            }
            var maskBits = new BitArray(maskBytes);

            // count the number of "true" bits to get the CIDR mask
            var cidrMask = maskBits.Cast<bool>().Count(b => b);

            // convert my application's ip address to bits
            var ipBytes = ipInfo.Address.GetAddressBytes();
            if (!BitConverter.IsLittleEndian)
            {
                // fixed: reverse ipBytes here (the original reversed maskBytes a second time)
                Array.Reverse(ipBytes);
            }
            var ipBits = new BitArray(ipBytes);

            // AND the bits with the mask to get the start of the range
            var maskedBits = ipBits.And(maskBits);

            // Convert the masked IP back into an IP address
            var maskedIpBytes = new byte[4];
            maskedBits.CopyTo(maskedIpBytes, 0);
            if (!BitConverter.IsLittleEndian)
            {
                Array.Reverse(maskedIpBytes);
            }
            var rangeStartIp = new IPAddress(maskedIpBytes);

            // return the start IP and CIDR mask
            yield return new IPNetwork(rangeStartIp, cidrMask);
        }
    }

    var forwardedOptions = new ForwardedHeadersOptions()
    {
        ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All
    };
    foreach (var network in GetNetworks(NetworkInterfaceType.Ethernet))
    {
        forwardedOptions.KnownNetworks.Add(network);
    }
    app.UseForwardedHeaders(forwardedOptions);
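
An added example (not from the original post): the same network calculation done with integer arithmetic on the network-order bytes that GetAddressBytes() returns, plus a containment check to confirm that the proxy's address really falls inside the detected network before relying on it. The SubnetMath class, its method names, and the sample addresses are constructed for illustration and are not part of ASP.NET Core.

```csharp
using System;
using System.Buffers.Binary;
using System.Net;
using System.Net.Sockets;
using System.Numerics;

// Hypothetical helper (illustration only, not an ASP.NET Core API).
public static class SubnetMath
{
    // GetAddressBytes() returns network (big-endian) order on every platform,
    // so reading it as big-endian needs no BitConverter.IsLittleEndian checks.
    private static uint ToUInt32(IPAddress ip)
    {
        if (ip.AddressFamily != AddressFamily.InterNetwork)
            throw new ArgumentException("IPv4 address expected", nameof(ip));
        return BinaryPrimitives.ReadUInt32BigEndian(ip.GetAddressBytes());
    }

    private static IPAddress FromUInt32(uint value)
    {
        var bytes = new byte[4];
        BinaryPrimitives.WriteUInt32BigEndian(bytes, value);
        return new IPAddress(bytes);
    }

    // Network address and prefix length for an interface address and mask.
    // A mask whose one-bits are not contiguous has no CIDR form and is rejected.
    public static (IPAddress Network, int PrefixLength) GetNetwork(IPAddress address, IPAddress mask)
    {
        uint m = ToUInt32(mask);
        uint hostBits = ~m;
        if ((hostBits & (hostBits + 1)) != 0)
            throw new ArgumentException("Subnet mask is not contiguous", nameof(mask));
        return (FromUInt32(ToUInt32(address) & m), BitOperations.PopCount(m));
    }

    // True when candidate lies inside network/prefixLength.
    public static bool Contains(IPAddress network, int prefixLength, IPAddress candidate)
    {
        if (prefixLength < 0 || prefixLength > 32)
            throw new ArgumentOutOfRangeException(nameof(prefixLength));
        // Shifting a uint by 32 is a no-op in C#, so /0 is handled explicitly.
        uint m = prefixLength == 0 ? 0u : uint.MaxValue << (32 - prefixLength);
        return (ToUInt32(candidate) & m) == (ToUInt32(network) & m);
    }

    public static void Main()
    {
        // Constructed sample values: a pod address with a /24 interface mask.
        var (network, prefix) = GetNetwork(IPAddress.Parse("10.244.1.17"), IPAddress.Parse("255.255.255.0"));
        Console.WriteLine($"{network}/{prefix}");
        // A peer in the same /24, then one in a neighbouring /24.
        Console.WriteLine(Contains(network, prefix, IPAddress.Parse("10.244.1.9")));
        Console.WriteLine(Contains(network, prefix, IPAddress.Parse("10.244.2.5")));
    }
}
```

If the reverse proxy connects from an address outside every entry in KnownNetworks and KnownProxies, the forwarded headers middleware leaves its X-Forwarded-* values unapplied. Conversely, every host inside an added network is trusted to set those headers, so the detected range should be no wider than the proxy requires.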