[pve-devel] [PATCH http-server v3 2/2] access control: also include ipv6 in 'all'
Stoiko Ivanov
s.ivanov at proxmox.com
Wed May 5 16:36:27 CEST 2021
Net::IP objects are bound to a version - 0/0 is treated as ipv4 only.
If 'all' is present in the allow_from/deny_from list we should also
add ::/0 for matching all ipv6 addresses.
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
PVE/APIServer/Utils.pm | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/PVE/APIServer/Utils.pm b/PVE/APIServer/Utils.pm
index 8470f80..449d764 100644
--- a/PVE/APIServer/Utils.pm
+++ b/PVE/APIServer/Utils.pm
@@ -33,7 +33,11 @@ sub read_proxy_config {
if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
my $ips = [];
foreach my $ip (split(/,/, $value)) {
- $ip = "0/0" if $ip eq 'all';
+ if ($ip eq 'all') {
+ push @$ips, Net::IP->new('0/0') || die Net::IP::Error() . "\n";
+ push @$ips, Net::IP->new('::/0') || die Net::IP::Error() . "\n";
+ next;
+ }
push @$ips, Net::IP->new(normalize_v4_in_v6($ip)) || die Net::IP::Error() . "\n";
}
$res->{$key} = $ips;
--
2.20.1
More information about the pve-devel
mailing list