Advocate Demo

This demo uses Advocate to prevent HTTP requests from hitting anything on the LAN. Try to see if you can get the contents of /secret/hello.txt from this webserver!



Address Validator

autodetect_local_addresses True
ip_blacklist set([])
ip_whitelist set([])
port_whitelist set([])
port_blacklist set([8080, 22])
hostname_blacklist set(['', '*', 'foocorp.internal', '*.foocorp.internal'])
allow_ipv6 True
allow_teredo True
allow_6to4 True
allow_dns64 True

Network Interfaces

lo {'AF_INET6': ['::1'], 'AF_INET': ['']}
lxcbr0 {'AF_INET': ['']}
eth0 {'AF_INET6': ['2604:a880:800:10::1d2:8001', 'fe80::601:81ff:fe8a:c801%eth0'], 'AF_INET': ['', '']}

Interesting files


# Your system has configured 'manage_etc_hosts' as True.
# As a result, if you wish for changes to this file to persist
# then you will need to either
# a.) make changes to the master file in /etc/cloud/templates/hosts.tmpl
# b.) change or remove the value of 'manage_etc_hosts' in
#     /etc/cloud/cloud.cfg or cloud-config from user-data advocate-testing advocate-testing localhost
fe80::601:81ff:fe8a:c801%eth0 advocate-link-local

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


geo $secret_accessible { 1;
  ::1 1;
  # In reality, you would just bind to and be done
  # with it if you wanted a local service, but let's keep
  # things interesting. 1;
  2604:a880:800:10::1d2:8001 1; 1;
  default 0;

server {
  listen 80 default;
  listen [::]:80;
  client_max_body_size 512K;
  server_name _;

  keepalive_timeout 5;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_set_header Cache-Control "public, max-age=240, must-revalidate";

  location /secret {
    if ($secret_accessible) {
      root /home/advocate/private-www/;

  location /static {
    root /home/advocate/advocate_example/webapp/;

  # I won't be editing these
  location ~ ^/static/.*\.min\..* {
    root /home/advocate/advocate_example/webapp/;
    add_header Cache-Control "public, max-age=3600, must-revalidate";

  location = /500.html {
    root /home/advocate/advocate_example/webapp/static;

  error_page 500 502 503 504 /500.html;