Mercurial > prosody-modules
annotate mod_secure_interfaces/mod_secure_interfaces.lua @ 3724:1c3c7d73c5a6
mod_register_web: Fix to use real client IP in case of proxy forwarding (thanks Sebastian)
mod_http since Prosody 0.11 will process the `X-Forwarded-For` header and store the result in `request.ip`.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 01 Nov 2019 17:15:29 +0100 |
parents | 6c806a99f802 |
children |
rev | line source |
---|---|
2730
cd828b1cb5b9
mod_secure_interfaces: Add ::1 to the default secure_interfaces.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2726
diff
changeset
|
1 local secure_interfaces = module:get_option_set("secure_interfaces", { "127.0.0.1", "::1" }); |
1177
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 module:hook("stream-features", function (event) |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local session = event.origin; |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 if session.type ~= "c2s_unauthed" then return; end |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 local socket = session.conn:socket(); |
2726
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
7 if not socket.getsockname then |
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
8 module:log("debug", "Unable to determine local address of incoming connection"); |
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
9 return; |
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
10 end |
1177
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local localip = socket:getsockname(); |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 if secure_interfaces:contains(localip) then |
2726
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
13 module:log("debug", "Marking session from %s to %s as secure", session.ip or "[?]", localip); |
1177
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 session.secure = true; |
3415
6c806a99f802
mod_secure_interfaces: Prevent starttls on connections marked secure (fixes #1274)
Kim Alvefur <zash@zash.se>
parents:
2730
diff
changeset
|
15 session.conn.starttls = false; |
2726
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
16 else |
55f3ab952d06
mod_secure_interfaces: Add debug log in non-secure case also
Matthew Wild <mwild1@gmail.com>
parents:
1177
diff
changeset
|
17 module:log("debug", "Not marking session from %s to %s as secure", session.ip or "[?]", localip); |
1177
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 end |
a464261deba8
mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end, 2500); |