aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org>2020-03-25 13:44:40 +0200
committerSergey Poznyakoff <gray@gnu.org>2020-03-25 13:48:56 +0200
commite801d94e40f23c09f27a807fec48fc0133ddb1c6 (patch)
treea7cae42d7f81c4becddecdf69fc854a42e81e555 /README
parenta6d6598a99f654cf25a65e512ce7bf4856fda3b2 (diff)
downloadvmod-remoteip-e801d94e40f23c09f27a807fec48fc0133ddb1c6.tar.gz
vmod-remoteip-e801d94e40f23c09f27a807fec48fc0133ddb1c6.tar.bz2
Use ACL to hold IPs of the trusted proxies.v2.0
Suggested by Dridi Boukelmoune.
Diffstat (limited to 'README')
-rw-r--r--README11
1 files changed, 6 insertions, 5 deletions
diff --git a/README b/README
index ca814ba..d022c28 100644
--- a/README
+++ b/README
@@ -20,10 +20,11 @@ hosts from the ACL "allowed":
#+BEGIN_SRC vcl-script
import std;
import remoteip;
-
- sub vcl_init {
- // Register trusted proxy server addresses
- remoteip.init("192.0.2.1, 127.0.0.1");
+
+ // Register trusted proxy server addresses
+ acl trusted {
+ "192.0.2.1";
+ "127.0.0.1";
}
acl allowed {
@@ -32,7 +33,7 @@ hosts from the ACL "allowed":
}
sub vcl_recv {
- set req.http.x-real-ip = remoteip.get(req.http.X-Forwarded-For);
+ set req.http.x-real-ip = remoteip.get(trusted, req.http.X-Forwarded-For);
if (std.ip(req.http.x-real-ip) ~ allowed) {
...
}

Return to:

Send suggestions and report system problems to the System administrator.