diff options
author | Kim Alvefur <zash@zash.se> | 2023-06-03 17:10:12 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-06-03 17:10:12 +0200 |
commit | 3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a (patch) | |
tree | 12e5b226915d0e41b63815726fd69e898eec5c51 /plugins | |
parent | 99906e5b9c212beaf6cbc21580d67a5806fa4f24 (diff) | |
download | prosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.tar.gz prosody-3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a.zip |
mod_http: Handle bracketed IP address format from RFC 7239
There are hints that this format might be used in X-Forwarded-For as
well, so best handle it everywhere. Strips both brackets and optional
port number.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_http.lua | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index f491a3f1..b7912019 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -297,7 +297,13 @@ module.add_host(module); -- set up handling on global context too local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; +--- deal with [ipv6]:port / ip:port format +local function normal_ip(ip) + return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip; +end + local function is_trusted_proxy(ip) + ip = normal_ip(ip); if trusted_proxies[ip] then return true; end |