Changeset 426 in code

Timestamp:

Oct 25, 2020, 5:22:12 PM (5 years ago)

Author:

contact

Message:

Don't accept any IP as a proxy by default

It's too easy to setup a reverse proxy which doesn't support the PROXY
protocol, or lets the X-Forwarded-For header fields pass through.
Disable this by default.

To restore the previous behaviour, add accept-proxy-ip localhost to
the config file.

Location:

trunk

Files:

• config/config.go (modified) (2 diffs)
• doc/soju.1.scd (modified) (1 diff)

trunk/config/config.go

@@ -53 +53 @@
         }
         return &Server{
-                Hostname:       hostname,
-                SQLDriver:      "sqlite3",
-                SQLSource:      "soju.db",
-                AcceptProxyIPs: loopbackIPs,
+                Hostname:  hostname,
+                SQLDriver: "sqlite3",
+                SQLSource: "soju.db",
         }
 }
@@ -101 +100 @@
                         srv.AcceptProxyIPs = nil
                         for _, s := range d.Params {
+                                if s == "localhost" {
+                                        srv.AcceptProxyIPs = append(srv.AcceptProxyIPs, loopbackIPs...)
+                                        continue
+                                }
                                 _, n, err := net.ParseCIDR(s)
                                 if err != nil {

trunk/doc/soju.1.scd

@@ -115 +115 @@
         Allow the specified IPs to act as a proxy. Proxys have the ability to
         overwrite the remote and local connection addresses (via the X-Forwarded-\*
-        HTTP header fields). By default, the loopback addresses 127.0.0.0/8 and
-        ::1/128 are accepted.
+        HTTP header fields). The special name "localhost" accepts the loopback
+        addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
 
 # IRC SERVICE