habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: check remote IP for proxy protocol same as HTTP/etc (#12094)

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
2024-11-20 21:33:35 +01:00
committed by GitHub
parent 14867e3fdd
commit d4bf3b7068
6 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/outpost/proxyv2/proxyv2.go
View File

@ -129,7 +129,7 @@ func (ps *ProxyServer) ServeHTTP() {
ps.log.WithField("listen", listenAddress).WithError(err).Warning("Failed to listen")
return
}
proxyListener := &proxyproto.Listener{Listener: listener}
proxyListener := &proxyproto.Listener{Listener: listener, ConnPolicy: utils.GetProxyConnectionPolicy()}
defer proxyListener.Close()
ps.log.WithField("listen", listenAddress).Info("Starting HTTP server")
@ -148,7 +148,7 @@ func (ps *ProxyServer) ServeHTTPS() {
ps.log.WithError(err).Warning("Failed to listen (TLS)")
return
}
proxyListener := &proxyproto.Listener{Listener: web.TCPKeepAliveListener{TCPListener: ln.(*net.TCPListener)}}
proxyListener := &proxyproto.Listener{Listener: web.TCPKeepAliveListener{TCPListener: ln.(*net.TCPListener)}, ConnPolicy: utils.GetProxyConnectionPolicy()}
defer proxyListener.Close()
tlsListener := tls.NewListener(proxyListener, tlsConfig)