aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-06-03 17:10:12 +0200
committerKim Alvefur <zash@zash.se>2023-06-03 17:10:12 +0200
commit3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a (patch)
tree12e5b226915d0e41b63815726fd69e898eec5c51 /plugins
parent99906e5b9c212beaf6cbc21580d67a5806fa4f24 (diff)
downloadprosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.tar.gz
prosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.zip
mod_http: Handle bracketed IP address format from RFC 7239
There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_http.lua6
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index f491a3f1..b7912019 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -297,7 +297,13 @@ module.add_host(module); -- set up handling on global context too
local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items;
+--- deal with [ipv6]:port / ip:port format
+local function normal_ip(ip)
+ return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip;
+end
+
local function is_trusted_proxy(ip)
+ ip = normal_ip(ip);
if trusted_proxies[ip] then
return true;
end