[PATCH] Support for regular expressions in trusted_proxies (mod_http)
13 views
Skip to first unread message
Boris Grozev
Jun 1, 2020, 3:45:52 PM6/1/20
to proso...@googlegroups.com
Hello everyone,
We have a use-case where we don't know the IP addresses of our HTTP
proxies in advance, so we want to configure an entire network in
trusted_proxies. I opted to implement it with additional syntax in the
trusted_proxies list in order to keep the configuration under the
existing key, while avoiding a change in semantics for existing
configurations (the "." in IP literals becomes a wildcard character in
a regexp).
Ideally this would support CIDR notation (so we can express e.g.
172.16/12), but that seemed much more complicated and not necessary
for our case.
Let me know if there's any changes you'd like me to make in order for
the patch to be accepted.
Regards,
Boris
We have a use-case where we don't know the IP addresses of our HTTP
proxies in advance, so we want to configure an entire network in
trusted_proxies. I opted to implement it with additional syntax in the
trusted_proxies list in order to keep the configuration under the
existing key, while avoiding a change in semantics for existing
configurations (the "." in IP literals becomes a wildcard character in
a regexp).
Ideally this would support CIDR notation (so we can express e.g.
172.16/12), but that seemed much more complicated and not necessary
for our case.
Let me know if there's any changes you'd like me to make in order for
the patch to be accepted.
Regards,
Boris
Kim Alvefur
Jun 10, 2020, 10:13:13 AM6/10/20
to proso...@googlegroups.com
Hi
On Mon Jun 1, 2020 at 4:44 PM CEST, Boris Grozev wrote:
> Hello everyone,
>
> We have a use-case where we don't know the IP addresses of our HTTP
> proxies in advance, so we want to configure an entire network in
> trusted_proxies. I opted to implement it with additional syntax in the
> trusted_proxies list in order to keep the configuration under the
> existing key, while avoiding a change in semantics for existing
> configurations (the "." in IP literals becomes a wildcard character in
> a regexp).
>
> Ideally this would support CIDR notation (so we can express e.g.
> 172.16/12), but that seemed much more complicated and not necessary
> for our case.
CIDR notation is supported by util.ip, which unfortunately is missing
documentation. Example use can be found in mod_register_limits, added in
this change: https://hg.prosody.im/0.11/rev/4796fdcb7146
> Let me know if there's any changes you'd like me to make in order for
> the patch to be accepted.
Normalize the whitespace to tabs please.
--
Regards,
Kim "Zash" Alvefur
On Mon Jun 1, 2020 at 4:44 PM CEST, Boris Grozev wrote:
> Hello everyone,
>
> We have a use-case where we don't know the IP addresses of our HTTP
> proxies in advance, so we want to configure an entire network in
> trusted_proxies. I opted to implement it with additional syntax in the
> trusted_proxies list in order to keep the configuration under the
> existing key, while avoiding a change in semantics for existing
> configurations (the "." in IP literals becomes a wildcard character in
> a regexp).
>
> Ideally this would support CIDR notation (so we can express e.g.
> 172.16/12), but that seemed much more complicated and not necessary
> for our case.
documentation. Example use can be found in mod_register_limits, added in
this change: https://hg.prosody.im/0.11/rev/4796fdcb7146
> Let me know if there's any changes you'd like me to make in order for
> the patch to be accepted.
--
Regards,
Kim "Zash" Alvefur
Boris Grozev
Jun 10, 2020, 2:21:10 PM6/10/20
to proso...@googlegroups.com
On Wed, Jun 10, 2020 at 9:13 AM Kim Alvefur <za...@zash.se> wrote:
>
> Hi
>
> On Mon Jun 1, 2020 at 4:44 PM CEST, Boris Grozev wrote:
> > Hello everyone,
> >
> > We have a use-case where we don't know the IP addresses of our HTTP
> > proxies in advance, so we want to configure an entire network in
> > trusted_proxies. I opted to implement it with additional syntax in the
> > trusted_proxies list in order to keep the configuration under the
> > existing key, while avoiding a change in semantics for existing
> > configurations (the "." in IP literals becomes a wildcard character in
> > a regexp).
> >
> > Ideally this would support CIDR notation (so we can express e.g.
> > 172.16/12), but that seemed much more complicated and not necessary
> > for our case.
>
> CIDR notation is supported by util.ip, which unfortunately is missing
> documentation. Example use can be found in mod_register_limits, added in
> this change: https://hg.prosody.im/0.11/rev/4796fdcb7146
That's much better, thanks for the pointer! The spec file is also
>
> Hi
>
> On Mon Jun 1, 2020 at 4:44 PM CEST, Boris Grozev wrote:
> > Hello everyone,
> >
> > We have a use-case where we don't know the IP addresses of our HTTP
> > proxies in advance, so we want to configure an entire network in
> > trusted_proxies. I opted to implement it with additional syntax in the
> > trusted_proxies list in order to keep the configuration under the
> > existing key, while avoiding a change in semantics for existing
> > configurations (the "." in IP literals becomes a wildcard character in
> > a regexp).
> >
> > Ideally this would support CIDR notation (so we can express e.g.
> > 172.16/12), but that seemed much more complicated and not necessary
> > for our case.
>
> CIDR notation is supported by util.ip, which unfortunately is missing
> documentation. Example use can be found in mod_register_limits, added in
> this change: https://hg.prosody.im/0.11/rev/4796fdcb7146
useful as a doc.
>
> > Let me know if there's any changes you'd like me to make in order for
> > the patch to be accepted.
>
> Normalize the whitespace to tabs please.
Regards,
Boris
Matthew Wild
Jun 10, 2020, 5:23:09 PM6/10/20
to Prosody IM Developers Group
On Wed, 10 Jun 2020 at 19:21, Boris Grozev <bo...@sip-communicator.org> wrote:
Fixed, attached the new patch.
Merged, thanks!
Regards,
Matthew
Reply all
Reply to author
Forward
0 new messages