diff --git a/cmd/serve.go b/cmd/serve.go index 6d7754ef..aff7c7c8 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -304,27 +304,25 @@ func sigHandlerConfigReload(config string) { } func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) { - //try parsing as prefix + // Try parsing as prefix, e.g. 10.0.1.0/24 prefix, err := netip.ParsePrefix(host) if err == nil { - prefixes = append(prefixes, prefix.Masked()) // Masked returns the prefix in its canonical form, the same for every ip in the range. This exists for ease of debugging. For example, 10.1.2.3/16 is 10.1.0.0/16. - return prefixes, nil // success + prefixes = append(prefixes, prefix.Masked()) + return prefixes, nil } - - // not a prefix, parse as host or IP - // LookupHost passes through an IP as is + // Not a prefix, parse as host or IP (LookupHost passes through an IP as is) ips, err := net.LookupHost(host) if err != nil { return nil, err } - for _, i := range ips { - ip, err := netip.ParseAddr(i) + for _, ipStr := range ips { + ip, err := netip.ParseAddr(ipStr) if err == nil { prefix, err := ip.Prefix(ip.BitLen()) if err != nil { return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error()) } - prefixes = append(prefixes, prefix.Masked()) //also masked canonical ip + prefixes = append(prefixes, prefix.Masked()) } } return diff --git a/server/server.go b/server/server.go index a4ef193b..ef09100d 100644 --- a/server/server.go +++ b/server/server.go @@ -1437,14 +1437,14 @@ func extractUserPass(r *http.Request) (username string, password string, ok bool // This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT). func (s *Server) visitor(r *http.Request) *visitor { remoteAddr := r.RemoteAddr - ipport, err := netip.ParseAddrPort(remoteAddr) - ip := ipport.Addr() + addrPort, err := netip.ParseAddrPort(remoteAddr) + ip := addrPort.Addr() if err != nil { // This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified ip, err = netip.ParseAddr(remoteAddr) if err != nil { ip = netip.IPv4Unspecified() - log.Error("Unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err) + log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err) } } if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" { @@ -1452,14 +1452,13 @@ func (s *Server) visitor(r *http.Request) *visitor { // only the right-most address can be trusted (as this is the one added by our proxy server). // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details. ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",") - myip, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr))) + realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr))) if err != nil { log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error()) - // fall back to regular remote address if X-Forwarded-For is damaged + // Fall back to regular remote address if X-Forwarded-For is damaged } else { - ip = myip + ip = realIP } - } return s.visitorFromIP(ip) }