3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-10 22:19:31 +01:00

Merge pull request #989 from slingamn/proxy_allowed_localhost

new recommended default: proxy allowed from localhost
This commit is contained in:
Shivaram Lingamneni 2020-05-06 20:22:28 -07:00 committed by GitHub
commit c426cc8bab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 6 deletions

View File

@ -134,10 +134,11 @@ server:
motd-formatting: true motd-formatting: true
# addresses/CIDRs the PROXY command can be used from # addresses/CIDRs the PROXY command can be used from
# this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets),
# you should also add these addresses to the connection limits and throttling exemption lists # unless you have a good reason. you should also add these addresses to the
# connection limits and throttling exemption lists.
proxy-allowed-from: proxy-allowed-from:
# - localhost - localhost
# - "192.168.1.1" # - "192.168.1.1"
# - "192.168.10.1/24" # - "192.168.10.1/24"

View File

@ -601,6 +601,10 @@ func (server *Server) applyConfig(config *Config) (err error) {
newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport) newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport)
} }
if len(config.Server.ProxyAllowedFrom) != 0 {
server.logger.Info("server", "Proxied IPs will be accepted from", strings.Join(config.Server.ProxyAllowedFrom, ", "))
}
// we are now open for business // we are now open for business
err = server.setupListeners(config) err = server.setupListeners(config)

View File

@ -155,10 +155,11 @@ server:
motd-formatting: true motd-formatting: true
# addresses/CIDRs the PROXY command can be used from # addresses/CIDRs the PROXY command can be used from
# this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets),
# you should also add these addresses to the connection limits and throttling exemption lists # unless you have a good reason. you should also add these addresses to the
# connection limits and throttling exemption lists.
proxy-allowed-from: proxy-allowed-from:
# - localhost - localhost
# - "192.168.1.1" # - "192.168.1.1"
# - "192.168.10.1/24" # - "192.168.10.1/24"