Annotate

mod_secure_interfaces/mod_secure_interfaces.lua @ 5698:17ea26cf7259

mod_storage_s3: Use '@' as placeholder for empty (host) store slots Used when the server stores things for itself.
author Kim Alvefur <zash@zash.se>
date Sat, 14 Oct 2023 22:49:57 +0200
parent 3415:6c806a99f802
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2730
cd828b1cb5b9 mod_secure_interfaces: Add ::1 to the default secure_interfaces.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 2726
diff changeset
1 local secure_interfaces = module:get_option_set("secure_interfaces", { "127.0.0.1", "::1" });
1177
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 module:hook("stream-features", function (event)
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local session = event.origin;
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 if session.type ~= "c2s_unauthed" then return; end
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local socket = session.conn:socket();
2726
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
7 if not socket.getsockname then
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
8 module:log("debug", "Unable to determine local address of incoming connection");
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
9 return;
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
10 end
1177
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local localip = socket:getsockname();
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 if secure_interfaces:contains(localip) then
2726
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
13 module:log("debug", "Marking session from %s to %s as secure", session.ip or "[?]", localip);
1177
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 session.secure = true;
3415
6c806a99f802 mod_secure_interfaces: Prevent starttls on connections marked secure (fixes #1274)
Kim Alvefur <zash@zash.se>
parents: 2730
diff changeset
15 session.conn.starttls = false;
2726
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
16 else
55f3ab952d06 mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents: 1177
diff changeset
17 module:log("debug", "Not marking session from %s to %s as secure", session.ip or "[?]", localip);
1177
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 end
a464261deba8 mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 end, 2500);