diff --git a/conventional.yaml b/conventional.yaml index 32043709..9e2618d7 100644 --- a/conventional.yaml +++ b/conventional.yaml @@ -134,10 +134,11 @@ server: motd-formatting: true # addresses/CIDRs the PROXY command can be used from - # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) - # you should also add these addresses to the connection limits and throttling exemption lists + # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets), + # unless you have a good reason. you should also add these addresses to the + # connection limits and throttling exemption lists. proxy-allowed-from: - # - localhost + - localhost # - "192.168.1.1" # - "192.168.10.1/24" diff --git a/irc/server.go b/irc/server.go index 1d8a970c..ade9a1df 100644 --- a/irc/server.go +++ b/irc/server.go @@ -601,6 +601,10 @@ func (server *Server) applyConfig(config *Config) (err error) { newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport) } + if len(config.Server.ProxyAllowedFrom) != 0 { + server.logger.Info("server", "Proxied IPs will be accepted from", strings.Join(config.Server.ProxyAllowedFrom, ", ")) + } + // we are now open for business err = server.setupListeners(config) diff --git a/oragono.yaml b/oragono.yaml index 2baaed62..74c3e01d 100644 --- a/oragono.yaml +++ b/oragono.yaml @@ -155,10 +155,11 @@ server: motd-formatting: true # addresses/CIDRs the PROXY command can be used from - # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) - # you should also add these addresses to the connection limits and throttling exemption lists + # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets), + # unless you have a good reason. you should also add these addresses to the + # connection limits and throttling exemption lists. proxy-allowed-from: - # - localhost + - localhost # - "192.168.1.1" # - "192.168.10.1/24"