88d241fd1de627b34d4e2ac8d4d1bd52bdbe4a85 — Simon Ser 10 months ago 24d8f21
Don't accept any IP as a proxy by default

It's too easy to set up a reverse proxy which doesn't support the PROXY
protocol, or lets the X-Forwarded-For header fields pass through.
Disable this by default.

To restore the previous behaviour, add `accept-proxy-ip localhost` to
the config file.
2 files changed, 9 insertions(+), 6 deletions(-)

M config/config.go
M doc/soju.1.scd
M config/config.go => config/config.go +7 -4
@@ 52,10 52,9 @@ func Defaults() *Server {
		hostname = "localhost"
	return &Server{
		Hostname:       hostname,
		SQLDriver:      "sqlite3",
		SQLSource:      "soju.db",
		AcceptProxyIPs: loopbackIPs,
		Hostname:  hostname,
		SQLDriver: "sqlite3",
		SQLSource: "soju.db",

@@ 100,6 99,10 @@ func parse(cfg scfg.Block) (*Server, error) {
		case "accept-proxy-ip":
			srv.AcceptProxyIPs = nil
			for _, s := range d.Params {
				if s == "localhost" {
					srv.AcceptProxyIPs = append(srv.AcceptProxyIPs, loopbackIPs...)
				_, n, err := net.ParseCIDR(s)
				if err != nil {
					return nil, fmt.Errorf("directive %q: failed to parse CIDR: %v", d.Name, err)
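Review bot: In the first hunk the new fail-closed default exists only as the absence of `AcceptProxyIPs` from the `Defaults()` literal, so nothing in the code tells a later editor that the empty list is deliberate. I would add a comment above the `return &Server{` line, for example `// AcceptProxyIPs is intentionally left empty: no peer may override connection addresses (PROXY protocol, X-Forwarded-*) unless accept-proxy-ip is set.` A small test asserting `len(Defaults().AcceptProxyIPs) == 0` would keep the trusted-proxy set from being widened again by accident. The page shows fewer lines than the hunk headers announce, so the end of the `"localhost"` branch in `parse()` is not visible and is not reviewed here; both `Defaults()` and `parse()` continue outside the hunks.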

M doc/soju.1.scd => doc/soju.1.scd +2 -2
@@ 114,8 114,8 @@ The following directives are supported:
*accept-proxy-ip* <cidr...>
	Allow the specified IPs to act as a proxy. Proxys have the ability to
	overwrite the remote and local connection addresses (via the X-Forwarded-\*
	HTTP header fields). By default, the loopback addresses and
	::1/128 are accepted.
	HTTP header fields). The special name "localhost" accepts the loopback
	addresses and ::1/128. By default, all IPs are rejected.