Proposal: Restrict redirect domains

Open Teddy-Schmitz opened this issue 6 years ago • 9 comments

Proposal

Restrict redirect URLs to a list of specific domains

Background

I want to have the ability to restrict the domains that vegeta will redirect to.

Workarounds

I could provide my own HTTP client when using Vegeta as a library and put in a CheckRedirect function that does this, but I think this would be good to have in CLI mode as well. This could also cause some issues as it would conflict with the existing redirect counting function.

Notes

We would need to set up checkRedirect functions to be chainable to be able to do both, either, or neither of the redirect options. Could also add the ability for the library to add a custom CheckRedirect function to the chain as well.

Teddy-Schmitz avatar Feb 13 '19 03:02 Teddy-Schmitz
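
The chaining proposed in the post above could look like the following with Go's `net/http`. This is an added example, not code from vegeta or from the issue author; `Chain`, `MaxRedirects` and `AllowHosts` are hypothetical names, and the host list is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// CheckRedirect has the signature of http.Client.CheckRedirect.
type CheckRedirect func(req *http.Request, via []*http.Request) error

// Chain runs the checks in order; the first error stops the redirect.
func Chain(checks ...CheckRedirect) CheckRedirect {
	return func(req *http.Request, via []*http.Request) (err error) {
		for i := 0; i < len(checks) && err == nil; i++ {
			err = checks[i](req, via)
		}
		return err
	}
}

// MaxRedirects allows at most n redirects (via holds the requests made so far).
func MaxRedirects(n int) CheckRedirect {
	return func(_ *http.Request, via []*http.Request) error {
		if len(via) > n {
			return fmt.Errorf("stopped after %d redirects", n)
		}
		return nil
	}
}

// AllowHosts permits redirects only to the listed hosts. Matching is exact, not
// by suffix: "google.com" admits neither "images.google.com" nor "notgoogle.com".
func AllowHosts(hosts ...string) CheckRedirect {
	return func(req *http.Request, _ []*http.Request) error {
		got := strings.TrimSuffix(req.URL.Hostname(), ".") // drop a trailing root dot
		for _, h := range hosts {
			if strings.EqualFold(got, h) {
				return nil
			}
		}
		return fmt.Errorf("redirect to host %q is not allowed", got)
	}
}

func main() { // constructed case: first redirect points at a host not on the list
	req, _ := http.NewRequest(http.MethodGet, "https://notgoogle.com/", nil)
	check := Chain(MaxRedirects(2), AllowHosts("yahoo.com", "google.com"))
	fmt.Println(check(req, make([]*http.Request, 1)))
}
```

The chained function is installed as `http.Client{CheckRedirect: check}`. A check that returns `http.ErrUseLastResponse` instead of a plain error makes the client hand back the 3xx response itself with a nil error.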

What is your specific proposal as to the CLI interface for this feature?

tsenart avatar Mar 02 '19 10:03 tsenart

I looked through the current CLI options and I think maybe there are a few options though none seem very elegant to me.

Have a new flag like -redirect-domains and users can provide a comma-separated list of domains, as in:

-redirect-domains yahoo.com,google.com,images.google.com

Another option would be to specify the flag for every domain you want, but I personally feel like that is very verbose.

The flag could also take in a file instead and parse the file to get a list of allowed domains.

Teddy-Schmitz avatar Mar 04 '19 10:03 Teddy-Schmitz

How would you feel about blacklisting the domains via /etc/hosts? You could use something like https://github.com/cbednarski/hostess before and after running vegeta.

tsenart avatar Mar 04 '19 11:03 tsenart

(Blacklisting by making DNS lookups return 0.0.0.0)

tsenart avatar Mar 04 '19 11:03 tsenart

I personally feel that's a little hacky way of doing it but it could work in a pinch. Since Go does provide an easy way to hook into redirect behaviour I feel it would be better to have it all done in vegeta itself. It also does stop you from marking the responses as successful like how the current -redirect does if you provide -1.

Teddy-Schmitz avatar Mar 05 '19 01:03 Teddy-Schmitz

> I personally feel that's a little hacky way of doing it but it could work in a pinch.

Would you be willing to give it a try and tell me how it went? You could call it hacky, or you could call it UNIX philosophy :) Arguable, I know.

> It also does stop you from marking the responses as successful like how the current -redirect does if you provide -1

I think that if you'd blacklist with 0.0.0.0, redirects would not be marked as successful.

tsenart avatar Mar 05 '19 09:03 tsenart

I'll give it a shot doing it that way and let you know how it goes.

> I think that if you'd blacklist with 0.0.0.0, redirects would not be marked as successful.

Ya, that was my point: what if you want them to be marked as successful?

Teddy-Schmitz avatar Mar 14 '19 07:03 Teddy-Schmitz

Using /etc/hosts to blacklist specific domains does work fine but what I am really trying to accomplish is to allow users to only be allowed to follow redirects to specific domains while disabling all others.

Teddy-Schmitz avatar Apr 02 '19 04:04 Teddy-Schmitz

It would be good to also copy headers if redirect is in restricted domains.

p53 avatar Oct 28 '20 16:10 p53