external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Added CloudFlare auto-loading of trusted proxy IP addresses.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2020-12-10 13:56:15 -08:00
parent 182d5fb295
commit 370d890b86
3 changed files with 59 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
webserver.js
View file

@ -4885,8 +4885,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (typeof req.connection.remoteAddress == 'string') { ipex = (req.connection.remoteAddress.startsWith('::ffff:')) ? req.connection.remoteAddress.substring(7) : req.connection.remoteAddress; }
if (
(obj.args.trustedproxy === true) ||
((typeof obj.args.trustedproxy == 'object') && (obj.args.trustedproxy.indexOf(ipex) >= 0)) ||
((typeof obj.args.tlsoffload == 'object') && (obj.args.tlsoffload.indexOf(ipex) >= 0))
((typeof obj.args.trustedproxy == 'object') && (isIPMatch(ipex, obj.args.trustedproxy))) ||
((typeof obj.args.tlsoffload == 'object') && (isIPMatch(ipex, obj.args.tlsoffload)))
) {
// Get client IP
if (req.headers['cf-connecting-ip']) { // Use CloudFlare IP address if present
@ -6606,6 +6606,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} catch (ex) { console.log(ex); func(fd, tag); }
}
// Perform a IP match against a list
function isIPMatch(ip, matchList) {
const ipcheck = require('ipcheck');
for (var i in matchList) { if (ipcheck.match(ip, matchList[i]) == true) return true; }
return false;
}
// This is the invalid login throttling code
obj.badLoginTable = {};
obj.badLoginTableLastClean = 0;