authorFrancis Lavoie <lavofr@gmail.com>2023-02-06 14:44:11 -0500
committerGitHub <noreply@github.com>2023-02-06 12:44:11 -0700
commit12bcbe2c4924ecbf6730fc340a7a4250bddcc9be (patch)
treeae19f9b5969a5bfec041b1cd3c784135ce073aa8 /modules/caddyhttp/app.go
parentf6f1d8fc8931ae9ed9ed9b948b559a6149232fbc (diff)
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources * Add request to the IPRangeSource interface
Diffstat (limited to 'modules/caddyhttp/app.go')
-rw-r--r--modules/caddyhttp/app.go23
1 files changed, 6 insertions, 17 deletions
diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index da25d37..0ec80ce 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -20,9 +20,7 @@ import (
"fmt"
"net"
"net/http"
- "net/netip"
"strconv"
- "strings"
"sync"
"time"
@@ -224,22 +222,13 @@ func (app *App) Provision(ctx caddy.Context) error {
srv.StrictSNIHost = &trueBool
}
- // parse trusted proxy CIDRs ahead of time
- for _, str := range srv.TrustedProxies {
- if strings.Contains(str, "/") {
- ipNet, err := netip.ParsePrefix(str)
- if err != nil {
- return fmt.Errorf("parsing CIDR expression: '%s': %v", str, err)
- }
- srv.trustedProxies = append(srv.trustedProxies, ipNet)
- } else {
- ipAddr, err := netip.ParseAddr(str)
- if err != nil {
- return fmt.Errorf("invalid IP address: '%s': %v", str, err)
- }
- ipNew := netip.PrefixFrom(ipAddr, ipAddr.BitLen())
- srv.trustedProxies = append(srv.trustedProxies, ipNew)
+ // set up the trusted proxies source
+ for srv.TrustedProxiesRaw != nil {
+ val, err := ctx.LoadModule(srv, "TrustedProxiesRaw")
+ if err != nil {
+ return fmt.Errorf("loading trusted proxies modules: %v", err)
}
+ srv.trustedProxies = val.(IPRangeSource)
}
// process each listener address
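Review bot: The added `for srv.TrustedProxiesRaw != nil {` is written as a loop although the body is meant to run once. Nothing visible in the body changes the condition, so it terminates only if `ctx.LoadModule` clears the raw field as a side effect, which is presumably the case but cannot be confirmed from this hunk. `if srv.TrustedProxiesRaw != nil {` states the intent without relying on that. Separately, the unchecked assertion `val.(IPRangeSource)` panics during provisioning if the loaded module does not implement the interface. Because this value decides which proxies the server trusts, a comma-ok form such as `src, ok := val.(IPRangeSource)` with an error return on `!ok` would fail with a clear configuration error instead. Provision starts before this hunk and continues past it.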