habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: check remote IP for proxy protocol same as HTTP/etc (#12094)

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
2024-11-20 21:33:35 +01:00
committed by GitHub
parent 14867e3fdd
commit d4bf3b7068
6 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/web/web.go
View File

@ -19,6 +19,7 @@ import (
"goauthentik.io/internal/config"
"goauthentik.io/internal/gounicorn"
"goauthentik.io/internal/outpost/proxyv2"
"goauthentik.io/internal/utils"
"goauthentik.io/internal/utils/web"
"goauthentik.io/internal/web/brand_tls"
)
@ -149,7 +150,7 @@ func (ws *WebServer) listenPlain() {
ws.log.WithError(err).Warning("failed to listen")
return
}
proxyListener := &proxyproto.Listener{Listener: ln}
proxyListener := &proxyproto.Listener{Listener: ln, ConnPolicy: utils.GetProxyConnectionPolicy()}
defer proxyListener.Close()
ws.log.WithField("listen", config.Get().Listen.HTTP).Info("Starting HTTP server")