Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Support for policy on local address #107

Open
kmala opened this issue Mar 4, 2024 · 0 comments · May be fixed by #108
Open

[Feature] Support for policy on local address #107

kmala opened this issue Mar 4, 2024 · 0 comments · May be fixed by #108
Labels
enhancement
Milestone
0.7

Comments

@kmala
Copy link

kmala commented Mar 4, 2024

Currently we can apply policy to verify the upstream address

go-proxyproto/protocol.go

Lines 70 to 81 in e5b291b

if p.Policy != nil {
proxyHeaderPolicy, err = p.Policy(conn.RemoteAddr())
if err != nil {
// can't decide the policy, we can't accept the connection
conn.Close()
return nil, err
}
// Handle a connection as a regular one
if proxyHeaderPolicy == SKIP {
return conn, nil
}
}
. There could be scenarios where there are multiple interfaces the server is listening on and we may want to enable the proxy protocol on only 1 interface. It would help to have policy support verifying the local address.
I can create a PR if the feature is okay to be implemented.
@kmala kmala linked a pull request Apr 18, 2024 that will close this issue
Open
@pires pires added this to the 0.7 milestone Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
0.7
Development

Successfully merging a pull request may close this issue.

Add support for validating the downstream ip of the connection kmala/go-proxyproto
2 participants
@pires @kmala