proxmox-mirrors/pve-http-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-http-server synced 2025-05-02 20:00:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

access control: also include ipv6 in 'all'

Browse Source 
Net::IP objects are bound to a version - 0/0 is treated as ipv4 only.
If 'all' is present in the allow_from/deny_from list we should also
add ::/0 for matching all ipv6 addresses.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov 2021-05-05 16:36:27 +02:00 committed by Thomas Lamprecht
parent c6de5b3f2d
commit 9494318e18
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
PVE/APIServer/Utils.pm
View File

@ -33,7 +33,11 @@ sub read_proxy_config {
if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') { if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
my $ips = []; my $ips = [];
foreach my $ip (split(/,/, $value)) { foreach my $ip (split(/,/, $value)) {
$ip = "0/0" if $ip eq 'all'; if ($ip eq 'all') {
push @$ips, Net::IP->new('0/0') || die Net::IP::Error() . "\n";
push @$ips, Net::IP->new('::/0') || die Net::IP::Error() . "\n";
next;
}
push @$ips, Net::IP->new(normalize_v4_in_v6($ip)) || die Net::IP::Error() . "\n"; push @$ips, Net::IP->new(normalize_v4_in_v6($ip)) || die Net::IP::Error() . "\n";
} }
$res->{$key} = $ips; $res->{$key} = $ips;