diff options
| author | Kim Alvefur <zash@zash.se> | 2023-06-03 17:10:12 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2023-06-03 17:10:12 +0200 |
| commit | 3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a (patch) | |
| tree | 12e5b226915d0e41b63815726fd69e898eec5c51 | |
| parent | 99906e5b9c212beaf6cbc21580d67a5806fa4f24 (diff) | |
| download | prosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.tar.gz prosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.zip | |
mod_http: Handle bracketed IP address format from RFC 7239
There are hints that this format might be used in X-Forwarded-For as
well, so best handle it everywhere. Strips both brackets and optional
port number.
| -rw-r--r-- | plugins/mod_http.lua | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index f491a3f1..b7912019 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -297,7 +297,13 @@ module.add_host(module); -- set up handling on global context too local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; +--- deal with [ipv6]:port / ip:port format +local function normal_ip(ip) + return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip; +end + local function is_trusted_proxy(ip) + ip = normal_ip(ip); if trusted_proxies[ip] then return true; end |