From 3fbd92e26d9bad1e2e14c7b2d2fe4999fcf53f8a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 3 Jun 2023 17:10:12 +0200 Subject: mod_http: Handle bracketed IP address format from RFC 7239 There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number. --- plugins/mod_http.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index f491a3f1..b7912019 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -297,7 +297,13 @@ module.add_host(module); -- set up handling on global context too local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; +--- deal with [ipv6]:port / ip:port format +local function normal_ip(ip) + return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip; +end + local function is_trusted_proxy(ip) + ip = normal_ip(ip); if trusted_proxies[ip] then return true; end -- cgit v1.2.3