Diff

mod_http_status/mod_http_status.lua @ 5702:e274431bf4ce

mod_http_status: Add IP allowlisting capabilities Based on mod_http_openmetrics
author Kim Alvefur <zash@zash.se>
date Wed, 25 Oct 2023 17:18:50 +0200
parent 5161:6af2d74daa15
line wrap: on
line diff
--- a/mod_http_status/mod_http_status.lua	Wed Oct 25 15:36:20 2023 +0200
+++ b/mod_http_status/mod_http_status.lua	Wed Oct 25 17:18:50 2023 +0200
@@ -2,13 +2,29 @@
 
 local json = require "util.json";
 local datetime = require "util.datetime".datetime;
+local ip = require "util.ip";
 
 local modulemanager = require "core.modulemanager";
 
+local permitted_ips = module:get_option_set("http_status_allow_ips", { "::1", "127.0.0.1" });
+local permitted_cidr = module:get_option_string("http_status_allow_cidr");
+
+local function is_permitted(request)
+	local ip_raw = request.ip;
+	if permitted_ips:contains(ip_raw) or
+	   (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then
+		return true;
+	end
+	return false;
+end
+
 module:provides("http", {
 	route = {
 		GET = function(event)
 			local request, response = event.request, event.response;
+			if not is_permitted(request) then
+				return 403; -- Forbidden
+			end
 			response.headers.content_type = "application/json";
 
 			local resp = { ["*"] = true };