diff --git a/irc/help.go b/irc/help.go
index 499fd830..cf0751df 100644
--- a/irc/help.go
+++ b/irc/help.go
@@ -361,8 +361,8 @@ Sends the text to the given targets as a PRIVMSG.`,
 oper: true, // not really, but it's restricted anyways
 text: `PROXY TCP4/6
-Used by haproxy's PROXY protocol, to allow for alternate TLS support:
-http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt`,
+Used by haproxy's PROXY v1 protocol, to allow for alternate TLS support:
+http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt`,
 },
 "rename": {
 text: `RENAME []
diff --git a/irc/server.go b/irc/server.go
index b969b2b9..41b78a79 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -2228,12 +2228,18 @@ func userhostHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool
 }
 // PROXY TCP4/6 SOURCEIP DESTIP SOURCEPORT DESTPORT
-// http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
+// http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
 func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
+ // only allow unregistered clients to use this command
+ if client.registered {
+ return false
+ }
+
 clientAddress := IPString(client.socket.conn.RemoteAddr())
 clientHostname := client.hostname
 for _, address := range server.proxyAllowedFrom {
 if clientHostname == address || clientAddress == address {
+ //TODO(dan): check DLINEs and connection throttling/limits
 client.proxiedIP = msg.Params[1]
 client.hostname = LookupHostname(msg.Params[1])
 return false
diff --git a/oragono.yaml b/oragono.yaml
index 5159df7a..edd1af7a 100644
--- a/oragono.yaml
+++ b/oragono.yaml
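Review bot: In proxyHandler (irc/server.go), `msg.Params[1]` is copied into `client.proxiedIP` and handed to `LookupHostname` without being checked as an IP address, so a malformed value from an allowed source is stored as the client's address. Parsing it first and rejecting the command on failure, e.g. `if net.ParseIP(msg.Params[1]) == nil { return false }`, would keep the stored value well-formed. The hunk shows no length check on `msg.Params`, so that is presumably enforced where the command is registered and is worth confirming. The allow-list also matches on `client.hostname`; if that name comes from an unverified reverse lookup, matching on `clientAddress` alone would be the safer test. The function body continues past the end of the hunk.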
@@ -67,7 +67,10 @@ server:
 # addresses/hostnames the PROXY command can be used from
 # this should be restricted to 127.0.0.1 and localhost at most
- proxy-allowed-from: []
+ # you should also add these addresses to the connection limits and throttling exemption lists
+ proxy-allowed-from:
+ # - localhost
+ # - "127.0.0.1"
 # maximum length of clients' sendQ in bytes
 # this should be big enough to hold /LIST and HELP replies
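Review bot: The added comment above `proxy-allowed-from` tells operators to exempt these addresses from connection limits and throttling, but it does not say what then limits the proxied clients. The TODO added to proxyHandler in this same commit suggests DLINEs and throttling are not yet checked against the address supplied via PROXY, so an operator following the advice may end up with no limits applied to those clients at all. A further comment line would make that visible, for example `# note: DLINEs, limits and throttling are not yet applied to the address supplied via PROXY`.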