fix(honeypot/naive): implement better IP parsing logic
Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso
parent
122e4bc072
commit
40afc13d7f
2 changed files with 7 additions and 3 deletions
|
|
@ -100,6 +100,9 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler {
|
|||
ip := xff.Parse(xffHeader)
|
||||
slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader)
|
||||
r.Header.Set("X-Real-Ip", ip)
|
||||
if addr, err := netip.ParseAddr(ip); err == nil {
|
||||
r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr))
|
||||
}
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,9 @@ import (
|
|||
"fmt"
|
||||
"log/slog"
|
||||
"math/rand/v2"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
"time"
|
||||
|
||||
"github.com/TecharoHQ/anubis/internal"
|
||||
|
|
@ -152,9 +154,8 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
realIP, _ := internal.RealIP(r)
|
||||
if !realIP.IsValid() {
|
||||
lg.Error("the real IP is somehow invalid, bad middleware stack?")
|
||||
http.Error(w, "The cake is a lie", http.StatusTeapot)
|
||||
return
|
||||
host, _, _ := net.SplitHostPort(r.RemoteAddr)
|
||||
realIP = netip.MustParseAddr(host)
|
||||
}
|
||||
|
||||
network, ok := internal.ClampIP(realIP)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue