Changeset 426 in code for trunk/config


Ignore:
Timestamp:
Oct 25, 2020, 5:22:12 PM (5 years ago)
Author:
contact
Message:

Don't accept any IP as a proxy by default

It's too easy to setup a reverse proxy which doesn't support the PROXY
protocol, or lets the X-Forwarded-For header fields pass through.
Disable this by default.

To restore the previous behaviour, add accept-proxy-ip localhost to
the config file.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/config/config.go

    r424 r426  
    5353        }
    5454        return &Server{
    55                 Hostname:       hostname,
    56                 SQLDriver:      "sqlite3",
    57                 SQLSource:      "soju.db",
    58                 AcceptProxyIPs: loopbackIPs,
     55                Hostname:  hostname,
     56                SQLDriver: "sqlite3",
     57                SQLSource: "soju.db",
    5958        }
    6059}
     
    101100                        srv.AcceptProxyIPs = nil
    102101                        for _, s := range d.Params {
     102                                if s == "localhost" {
     103                                        srv.AcceptProxyIPs = append(srv.AcceptProxyIPs, loopbackIPs...)
     104                                        continue
     105                                }
    103106                                _, n, err := net.ParseCIDR(s)
    104107                                if err != nil {
Note: See TracChangeset for help on using the changeset viewer.