Trimming whitespace in XFF for IP whitelisting

This commit is contained in:
Oliver Moser 2018-10-03 22:52:02 +02:00 committed by Traefiker Bot
parent 4cb1ae4626
commit 44e06a1a1e
2 changed files with 4 additions and 3 deletions

View file

@ -63,7 +63,8 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
for _, xFF := range xFFs { for _, xFF := range xFFs {
xffs := strings.Split(xFF, ",") xffs := strings.Split(xFF, ",")
for _, xff := range xffs { for _, xff := range xffs {
ok, err := ip.contains(parseHost(xff)) xffTrimmed := strings.TrimSpace(xff)
ok, err := ip.contains(parseHost(xffTrimmed))
if err != nil { if err != nil {
return err return err
} }
@ -72,7 +73,7 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
return nil return nil
} }
invalidMatches = append(invalidMatches, xff) invalidMatches = append(invalidMatches, xffTrimmed)
} }
} }
} }

View file

@ -32,7 +32,7 @@ func TestIsAuthorized(t *testing.T) {
whiteList: []string{"1.2.3.4/24"}, whiteList: []string{"1.2.3.4/24"},
allowXForwardedFor: true, allowXForwardedFor: true,
remoteAddr: "10.2.3.1:123", remoteAddr: "10.2.3.1:123",
xForwardedForValues: []string{"1.2.3.1, 10.2.3.1"}, xForwardedForValues: []string{"10.2.3.1, 1.2.3.1"},
authorized: true, authorized: true,
}, },
{ {