ACL X-Forwarded-For "2nd-to-last" also works with IPv6 addresses.

84b98dc4 · Geoff Simmons · 02a2a5c9 · 84b98dc4 · 84b98dc4
Commit 84b98dc4 authored Jan 07, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

acl.golden pkg/varnish/vcl/testdata/acl.golden +1 -1

vcl.go pkg/varnish/vcl/vcl.go +1 -1

No files found.
--- a/pkg/varnish/vcl/testdata/acl.golden
+++ b/pkg/varnish/vcl/testdata/acl.golden
@@ -51,7 +51,7 @@ sub vcl_recv {
 		return(synth(403));
 	}
 	if (
-	    std.ip(regsub(req.http.X-Forwarded-For,"^.*?([\d.]+)\s*,[^,]*$","\1"), "0.0.0.0") !~ vk8s_local_acl
+	    std.ip(regsub(req.http.X-Forwarded-For,"^.*?([[:xdigit:]:.]+)\s*,[^,]*$","\1"), "0.0.0.0") !~ vk8s_local_acl
 	   ) {
 		return(synth(403));
 	}

--- a/pkg/varnish/vcl/vcl.go
+++ b/pkg/varnish/vcl/vcl.go
@@ -533,7 +533,7 @@ func aclMask(bits uint8) string {

 const (
 	xffFirst   = `regsub(req.http.X-Forwarded-For,"^([^,\s]+).*","\1")`
-	xff2ndLast = `regsub(req.http.X-Forwarded-For,"^.*?([\d.]+)\s*,[^,]*$","\1")`
+	xff2ndLast = `regsub(req.http.X-Forwarded-For,"^.*?([[:xdigit:]:.]+)\s*,[^,]*$","\1")`
 )

 func aclCmp(comparand string) string {