mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-05-04 08:05:05 +02:00
Code Issues Actions10 Packages Projects Releases Wiki Activity

Fixes

Browse source
This commit is contained in:
William Brown 2025-04-03 16:46:31 +10:00
parent bd9cfda678
commit a9db3d0e08
2 changed files with 10 additions and 4 deletions
server/core/src
https
mod.rs
ldaps.rs

7
server/core/src/https/mod.rs
View file

@ -417,7 +417,10 @@ pub(crate) async fn handle_conn(
connection_addr: SocketAddr,
enable_haproxy_hdr: bool,
) -> Result<(), std::io::Error> {
let (stream, client_addr) = if enable_haproxy_hdr {
// IMPORTANT: We only check the proxy header on non-loopback requests. This is because
// the healthcheck can't have the proxy header added. Generally it also makes it a bit
// nicer as well for localhost-administration of the instance.
let (stream, client_addr) = if enable_haproxy_hdr && !connection_addr.ip().is_loopback() {
match ProxyHdrV2::parse_from_read(stream).await {
Ok((stream, hdr)) => {
let remote_socket_addr = match hdr.to_remote_addr() {
@ -436,7 +439,7 @@ pub(crate) async fn handle_conn(
(stream, remote_socket_addr)
}
Err(err) => {
error!(?err, "Unable to process proxy v2 header");
error!(?connection_addr, ?err, "Unable to process proxy v2 header");
return Err(std::io::Error::from(ErrorKind::ConnectionAborted));
}
}

7
server/core/src/ldaps.rs
View file

@ -122,7 +122,10 @@ async fn client_tls_accept(
qe_r_ref: &'static QueryServerReadV1,
enable_haproxy_hdr: bool,
) {
let (stream, client_addr) = if enable_haproxy_hdr {
// IMPORTANT: We only check the proxy header on non-loopback requests. This is because
// the healthcheck can't have the proxy header added. Generally it also makes it a bit
// nicer as well for localhost-administration of the instance.
let (stream, client_addr) = if enable_haproxy_hdr && !connection_addr.ip().is_loopback() {
match ProxyHdrV2::parse_from_read(stream).await {
Ok((stream, hdr)) => {
let remote_socket_addr = match hdr.to_remote_addr() {
@ -141,7 +144,7 @@ async fn client_tls_accept(
(stream, remote_socket_addr)
}
Err(err) => {
error!(?err, "Unable to process proxy v2 header");
error!(?connection_addr, ?err, "Unable to process proxy v2 header");
return;
}
}