diff options
| author | Francis Lavoie <lavofr@gmail.com> | 2023-02-06 14:44:11 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-06 12:44:11 -0700 |
| commit | 12bcbe2c4924ecbf6730fc340a7a4250bddcc9be (patch) | |
| tree | ae19f9b5969a5bfec041b1cd3c784135ce073aa8 /caddyconfig | |
| parent | f6f1d8fc8931ae9ed9ed9b948b559a6149232fbc (diff) | |
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources
* Add request to the IPRangeSource interface
Diffstat (limited to 'caddyconfig')
| -rw-r--r-- | caddyconfig/httpcaddyfile/serveroptions.go | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index dca4ede..eb57c58 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -43,7 +43,7 @@ type serverOptions struct { MaxHeaderBytes int Protocols []string StrictSNIHost *bool - TrustedProxies []string + TrustedProxiesRaw json.RawMessage ShouldLogCredentials bool Metrics *caddyhttp.Metrics } @@ -188,13 +188,25 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { serverOpts.StrictSNIHost = &boolVal case "trusted_proxies": - for d.NextArg() { - if d.Val() == "private_ranges" { - serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, caddyhttp.PrivateRangesCIDR()...) - continue - } - serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, d.Val()) + if !d.NextArg() { + return nil, d.Err("trusted_proxies expects an IP range source module name as its first argument") + } + modID := "http.ip_sources." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + source, ok := unm.(caddyhttp.IPRangeSource) + if !ok { + return nil, fmt.Errorf("module %s (%T) is not an IP range source", modID, unm) } + jsonSource := caddyconfig.JSONModuleObject( + source, + "source", + source.(caddy.Module).CaddyModule().ID.Name(), + nil, + ) + serverOpts.TrustedProxiesRaw = jsonSource case "metrics": if d.NextArg() { @@ -304,7 +316,7 @@ func applyServerOptions( server.MaxHeaderBytes = opts.MaxHeaderBytes server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost - server.TrustedProxies = opts.TrustedProxies + server.TrustedProxiesRaw = opts.TrustedProxiesRaw server.Metrics = opts.Metrics if opts.ShouldLogCredentials { if server.Logs == nil { |