proxy protocol: add list of allowed IP addresses and IP ranges

"proxy_allowed" setting allows to specify the allowed IP address and IP ranges that can send the proxy header. This setting combined with "proxy_protocol" allows to ignore the header or to reject connections that send the proxy header from a non listed IP
2025-12-07 23:00:55 +03:00 · 2020-03-01 23:12:28 +01:00
parent b885d453a2
commit 833b702b90
6 changed files with 57 additions and 9 deletions
--- a/sftpd/sftpd_test.go
+++ b/sftpd/sftpd_test.go
@@ -261,6 +261,13 @@ func TestInitialization(t *testing.T) {
 	if err == nil {
 		t.Error("Inizialize must fail, a SFTP server should be already running")
 	}
+	sftpdConf.BindPort = 4444
+	sftpdConf.ProxyProtocol = 1
+	sftpdConf.ProxyAllowed = []string{"1270.0.0.1"}
+	err = sftpdConf.Initialize(configDir)
+	if err == nil {
+		t.Error("Inizialize must fail, proxy IP allowed is invalid")
+	}
 }

 func TestBasicSFTPHandling(t *testing.T) {