diff --git a/src/DefaultBuilder/src/ForwardedHeadersOptionsSetup.cs b/src/DefaultBuilder/src/ForwardedHeadersOptionsSetup.cs
index 98835ff05482..8109ca39b323 100644
--- a/src/DefaultBuilder/src/ForwardedHeadersOptionsSetup.cs
+++ b/src/DefaultBuilder/src/ForwardedHeadersOptionsSetup.cs
@@ -27,7 +27,10 @@ public void Configure(ForwardedHeadersOptions options)
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// Only loopback proxies are allowed by default. Clear that restriction because forwarders are
// being enabled by explicit configuration.
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
options.KnownNetworks.Clear();
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ options.KnownIPNetworks.Clear();
options.KnownProxies.Clear();
}
}
diff --git a/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs b/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
index d00ccfa0a13d..fb1e757ff2e2 100644
--- a/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
+++ b/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
@@ -213,7 +213,11 @@ public void ApplyForwarders(HttpContext context)
// Host and Scheme initial values are never inspected, no need to set them here.
};
- var checkKnownIps = _options.KnownNetworks.Count > 0 || _options.KnownProxies.Count > 0;
+ var checkKnownIps = _options.KnownIPNetworks.Count > 0
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
+ || _options.KnownNetworks.Count > 0
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ || _options.KnownProxies.Count > 0;
bool applyChanges = false;
int entriesConsumed = 0;
@@ -399,6 +403,14 @@ private bool CheckKnownAddress(IPAddress address)
{
return true;
}
+ foreach (var network in _options.KnownIPNetworks)
+ {
+ if (network.Contains(address))
+ {
+ return true;
+ }
+ }
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
foreach (var network in _options.KnownNetworks)
{
if (network.Contains(address))
@@ -406,6 +418,7 @@ private bool CheckKnownAddress(IPAddress address)
return true;
}
}
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
return false;
}
diff --git a/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs b/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs
index ceb8ab32b997..e0ed1820c001 100644
--- a/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs
+++ b/src/Middleware/HttpOverrides/src/ForwardedHeadersOptions.cs
@@ -2,7 +2,9 @@
// The .NET Foundation licenses this file to you under the MIT license.
using Microsoft.AspNetCore.HttpOverrides;
+using AspNetIPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
using IPAddress = System.Net.IPAddress;
+using IPNetwork = System.Net.IPNetwork;
namespace Microsoft.AspNetCore.Builder;
@@ -82,8 +84,15 @@ public class ForwardedHeadersOptions
///
/// Address ranges of known proxies to accept forwarded headers from.
+ /// Obsolete, please use instead
///
- public IList KnownNetworks { get; } = new List() { new IPNetwork(IPAddress.Loopback, 8) };
+ [Obsolete("Please use KnownIPNetworks instead. For more information, visit https://aka.ms/aspnet/deprecate/005.", DiagnosticId = "ASPDEPR005")]
+ public IList KnownNetworks { get; } = new List() { new(IPAddress.Loopback, 8) };
+
+ ///
+ /// Address ranges of known proxies to accept forwarded headers from.
+ ///
+ public IList KnownIPNetworks { get; } = new List() { new(IPAddress.Loopback, 8) };
///
/// The allowed values from x-forwarded-host. If the list is empty then all hosts are allowed.
diff --git a/src/Middleware/HttpOverrides/src/IPNetwork.cs b/src/Middleware/HttpOverrides/src/IPNetwork.cs
index 9888de2d1535..945d3e8eacb7 100644
--- a/src/Middleware/HttpOverrides/src/IPNetwork.cs
+++ b/src/Middleware/HttpOverrides/src/IPNetwork.cs
@@ -9,7 +9,9 @@ namespace Microsoft.AspNetCore.HttpOverrides;
///
/// A representation of an IP network based on CIDR notation.
+/// Please use instead
///
+[Obsolete("Please use System.Net.IPNetwork instead. For more information, visit https://aka.ms/aspnet/deprecate/005.", DiagnosticId = "ASPDEPR005")]
public class IPNetwork
{
///
diff --git a/src/Middleware/HttpOverrides/src/PublicAPI.Unshipped.txt b/src/Middleware/HttpOverrides/src/PublicAPI.Unshipped.txt
index 7dc5c58110bf..c08a53cc6255 100644
--- a/src/Middleware/HttpOverrides/src/PublicAPI.Unshipped.txt
+++ b/src/Middleware/HttpOverrides/src/PublicAPI.Unshipped.txt
@@ -1 +1,2 @@
#nullable enable
+Microsoft.AspNetCore.Builder.ForwardedHeadersOptions.KnownIPNetworks.get -> System.Collections.Generic.IList!
diff --git a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs
index 4fd1341acc45..317d2853d023 100644
--- a/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs
+++ b/src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs
@@ -120,7 +120,10 @@ public async Task XForwardedForForwardLimit(int limit, string header, string exp
ForwardLimit = limit,
};
options.KnownProxies.Clear();
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
options.KnownNetworks.Clear();
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ options.KnownIPNetworks.Clear();
app.UseForwardedHeaders(options);
});
}).Build();
@@ -861,7 +864,10 @@ public async Task XForwardedProtoOverrideLimitedByLoopback(string protoHeader, s
};
if (!loopback)
{
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
options.KnownNetworks.Clear();
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ options.KnownIPNetworks.Clear();
options.KnownProxies.Clear();
}
app.UseForwardedHeaders(options);
@@ -888,7 +894,7 @@ public void AllForwardsDisabledByDefault()
var options = new ForwardedHeadersOptions();
Assert.True(options.ForwardedHeaders == ForwardedHeaders.None);
Assert.Equal(1, options.ForwardLimit);
- Assert.Single(options.KnownNetworks);
+ Assert.Single(options.KnownIPNetworks);
Assert.Single(options.KnownProxies);
}
@@ -1092,7 +1098,7 @@ public async Task XForwardForIPv4ToIPv6Mapping(string forHeader, string knownPro
var knownNetworkParts = knownNetwork.Split('/');
var networkIp = IPAddress.Parse(knownNetworkParts[0]);
var prefixLength = int.Parse(knownNetworkParts[1], CultureInfo.InvariantCulture);
- options.KnownNetworks.Add(new IPNetwork(networkIp, prefixLength));
+ options.KnownIPNetworks.Add(new System.Net.IPNetwork(networkIp, prefixLength));
}
using var host = new HostBuilder()
@@ -1134,7 +1140,10 @@ public async Task ForwardersWithDIOptionsRunsOnce(int limit, string header, stri
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
options.KnownProxies.Clear();
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
options.KnownNetworks.Clear();
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ options.KnownIPNetworks.Clear();
options.ForwardLimit = limit;
});
})
@@ -1176,7 +1185,10 @@ public async Task ForwardersWithDirectOptionsRunsTwice(int limit, string header,
ForwardLimit = limit,
};
options.KnownProxies.Clear();
+#pragma warning disable ASPDEPR005 // KnownNetworks is obsolete
options.KnownNetworks.Clear();
+#pragma warning restore ASPDEPR005 // KnownNetworks is obsolete
+ options.KnownIPNetworks.Clear();
app.UseForwardedHeaders(options);
app.UseForwardedHeaders(options);
});
diff --git a/src/Middleware/HttpOverrides/test/IPNetworkTest.cs b/src/Middleware/HttpOverrides/test/IPNetworkTest.cs
index c8f33f7a333b..5ad9acfd925e 100644
--- a/src/Middleware/HttpOverrides/test/IPNetworkTest.cs
+++ b/src/Middleware/HttpOverrides/test/IPNetworkTest.cs
@@ -4,6 +4,7 @@
namespace Microsoft.AspNetCore.HttpOverrides;
+[Obsolete("Microsoft.AspNetCore.HttpOverrides.IPNetwork is obsolete. For more information, visit https://aka.ms/aspnet/deprecate/005.", DiagnosticId = "ASPDEPR005")]
public class IPNetworkTest
{
[Theory]