mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

don't check the real IP for bans on proxy-before-TLS

In the k8s PROXY-before-TLS setting, we don't know all the IPs
of the load balancers, so we can't whitelist them, so they're at
risk of being d-lined.
Shivaram Lingamneni 2020-01-09 04:38:59 -05:00
parent 5687fbb185
commit 6838d19acc


@ -222,8 +222,11 @@ func (server *Server) RunClient(conn clientConn, proxyLine string) {
isBanned, banMsg = server.checkTorLimits() isBanned, banMsg = server.checkTorLimits()
} else { } else {
realIP = utils.AddrToIP(conn.Conn.RemoteAddr()) realIP = utils.AddrToIP(conn.Conn.RemoteAddr())
// skip the ban check for k8s-style proxy-before-TLS
if proxyLine == "" {
isBanned, banMsg = server.checkBans(realIP) isBanned, banMsg = server.checkBans(realIP)
} }
}
if isBanned { if isBanned {
// this might not show up properly on some clients, // this might not show up properly on some clients,