Changeset

13125:90394be5e6a5

mod_http: Handle bracketed IP address format from RFC 7239 There are hints that this format might be used in X-Forwarded-For as well, so best handle it everywhere. Strips both brackets and optional port number.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 17:10:12 +0200
parents 13124:f15e23840780
children 13126:d043834f15d2
files plugins/mod_http.lua
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_http.lua	Sat Jun 03 16:15:52 2023 +0200
+++ b/plugins/mod_http.lua	Sat Jun 03 17:10:12 2023 +0200
@@ -297,7 +297,13 @@
 
 local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items;
 
+--- deal with [ipv6]:port / ip:port format
+local function normal_ip(ip)
+	return ip:match("^%[([%x:]*)%]") or ip:match("^([%d.]+)") or ip;
+end
+
 local function is_trusted_proxy(ip)
+	ip = normal_ip(ip);
 	if trusted_proxies[ip] then
 		return true;
 	end