httpd/webdav: add a list of hosts allowed to send proxy headers

X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used

httpd/webclient.go

@@ -279,24 +279,11 @@ func handleWebClientLogout(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleClientGetFiles(w http.ResponseWriter, r *http.Request) {
-	ipAddr := utils.GetIPFromRemoteAddress(r.RemoteAddr)
-	common.Connections.AddClientConnection(ipAddr)
-	defer common.Connections.RemoveClientConnection(ipAddr)
-
 	claims, err := getTokenClaims(r)
 	if err != nil || claims.Username == "" {
 		renderClientForbiddenPage(w, r, "Invalid token claims")
 		return
 	}
-	if !common.Connections.IsNewConnectionAllowed(ipAddr) {
-		logger.Log(logger.LevelDebug, common.ProtocolHTTP, "", "connection refused, configured limit reached")
-		renderClientForbiddenPage(w, r, "configured connections limit reached")
-		return
-	}
-	if common.IsBanned(ipAddr) {
-		renderClientForbiddenPage(w, r, "your IP address is banned")
-		return
-	}
 
 	user, err := dataprovider.UserExists(claims.Username)
 	if err != nil {
@@ -635,16 +622,5 @@ func checkWebClientUser(user *dataprovider.User, r *http.Request, connectionID s
 		logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr)
 		return fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr)
 	}
-	if connAddr, ok := r.Context().Value(connAddrKey).(string); ok {
-		if connAddr != r.RemoteAddr {
-			connIPAddr := utils.GetIPFromRemoteAddress(connAddr)
-			if common.IsBanned(connIPAddr) {
-				return errors.New("your IP address is banned")
-			}
-			if !user.IsLoginFromAddrAllowed(connIPAddr) {
-				return fmt.Errorf("login from IP %v is not allowed", connIPAddr)
-			}
-		}
-	}
 	return nil
 }