authorFrancis Lavoie <lavofr@gmail.com>2023-02-06 14:44:11 -0500
committerGitHub <noreply@github.com>2023-02-06 12:44:11 -0700
commit12bcbe2c4924ecbf6730fc340a7a4250bddcc9be (patch)
treeae19f9b5969a5bfec041b1cd3c784135ce073aa8 /caddyconfig
parentf6f1d8fc8931ae9ed9ed9b948b559a6149232fbc (diff)
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources * Add request to the IPRangeSource interface
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/serveroptions.go28
1 files changed, 20 insertions, 8 deletions
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go
index dca4ede..eb57c58 100644
--- a/caddyconfig/httpcaddyfile/serveroptions.go
+++ b/caddyconfig/httpcaddyfile/serveroptions.go
@@ -43,7 +43,7 @@ type serverOptions struct {
MaxHeaderBytes int
Protocols []string
StrictSNIHost *bool
- TrustedProxies []string
+ TrustedProxiesRaw json.RawMessage
ShouldLogCredentials bool
Metrics *caddyhttp.Metrics
}
@@ -188,13 +188,25 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
serverOpts.StrictSNIHost = &boolVal
case "trusted_proxies":
- for d.NextArg() {
- if d.Val() == "private_ranges" {
- serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, caddyhttp.PrivateRangesCIDR()...)
- continue
- }
- serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, d.Val())
+ if !d.NextArg() {
+ return nil, d.Err("trusted_proxies expects an IP range source module name as its first argument")
+ }
+ modID := "http.ip_sources." + d.Val()
+ unm, err := caddyfile.UnmarshalModule(d, modID)
+ if err != nil {
+ return nil, err
+ }
+ source, ok := unm.(caddyhttp.IPRangeSource)
+ if !ok {
+ return nil, fmt.Errorf("module %s (%T) is not an IP range source", modID, unm)
}
+ jsonSource := caddyconfig.JSONModuleObject(
+ source,
+ "source",
+ source.(caddy.Module).CaddyModule().ID.Name(),
+ nil,
+ )
+ serverOpts.TrustedProxiesRaw = jsonSource
case "metrics":
if d.NextArg() {
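Review bot: A second `trusted_proxies` line in the same options block now silently replaces the first, because the new branch ends in the plain assignment `serverOpts.TrustedProxiesRaw = jsonSource` where the removed loop appended to the list. This option defines which proxies the server trusts, so a dropped source is better reported at config load than resolved as last-one-wins; before the `d.NextArg()` check I would add `if serverOpts.TrustedProxiesRaw != nil { return nil, d.Err("trusted_proxies specified more than once") }`. Separately, `source.(caddy.Module)` is an unchecked assertion. Presumably every value returned by `caddyfile.UnmarshalModule` satisfies it, but the comma-ok form would turn a possible panic into a config error like the `IPRangeSource` check just above it. The body of `unmarshalCaddyfileServerOptions` starts and ends outside this hunk, so neither point can be confirmed against the rest of the function.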
@@ -304,7 +316,7 @@ func applyServerOptions(
server.MaxHeaderBytes = opts.MaxHeaderBytes
server.Protocols = opts.Protocols
server.StrictSNIHost = opts.StrictSNIHost
- server.TrustedProxies = opts.TrustedProxies
+ server.TrustedProxiesRaw = opts.TrustedProxiesRaw
server.Metrics = opts.Metrics
if opts.ShouldLogCredentials {
if server.Logs == nil {