diff options
author | Sergey Poznyakoff <gray@gnu.org> | 2020-03-25 13:44:40 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2020-03-25 13:48:56 +0200 |
commit | e801d94e40f23c09f27a807fec48fc0133ddb1c6 (patch) | |
tree | a7cae42d7f81c4becddecdf69fc854a42e81e555 /README | |
parent | a6d6598a99f654cf25a65e512ce7bf4856fda3b2 (diff) | |
download | vmod-remoteip-e801d94e40f23c09f27a807fec48fc0133ddb1c6.tar.gz vmod-remoteip-e801d94e40f23c09f27a807fec48fc0133ddb1c6.tar.bz2 |
Use ACL to hold IPs of the trusted proxies.v2.0
Suggested by Dridi Boukelmoune.
Diffstat (limited to 'README')
-rw-r--r-- | README | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -20,10 +20,11 @@ hosts from the ACL "allowed": #+BEGIN_SRC vcl-script import std; import remoteip; - - sub vcl_init { - // Register trusted proxy server addresses - remoteip.init("192.0.2.1, 127.0.0.1"); + + // Register trusted proxy server addresses + acl trusted { + "192.0.2.1"; + "127.0.0.1"; } acl allowed { @@ -32,7 +33,7 @@ hosts from the ACL "allowed": } sub vcl_recv { - set req.http.x-real-ip = remoteip.get(req.http.X-Forwarded-For); + set req.http.x-real-ip = remoteip.get(trusted, req.http.X-Forwarded-For); if (std.ip(req.http.x-real-ip) ~ allowed) { ... } |