mirror of https://github.com/ergochat/ergo.git
don't check the real IP for bans on proxy-before-TLS
In the k8s PROXY-before-TLS setting, we don't know all the IPs of the load balancers, so we can't whitelist them, so they're at risk of being d-lined.
This commit is contained in:
parent
5687fbb185
commit
6838d19acc
|
@ -222,8 +222,11 @@ func (server *Server) RunClient(conn clientConn, proxyLine string) {
|
|||
isBanned, banMsg = server.checkTorLimits()
|
||||
} else {
|
||||
realIP = utils.AddrToIP(conn.Conn.RemoteAddr())
|
||||
// skip the ban check for k8s-style proxy-before-TLS
|
||||
if proxyLine == "" {
|
||||
isBanned, banMsg = server.checkBans(realIP)
|
||||
}
|
||||
}
|
||||
|
||||
if isBanned {
|
||||
// this might not show up properly on some clients,
|
||||
|
|
Loading…
Reference in New Issue