Use remote IP for all authentication if trusted https://github.com/webmin/webmin/issues/168

2026-03-20 16:50:24 +00:00 · 2014-09-01 15:12:34 -07:00
parent 36f0a46525
commit 48260ea268
1 changed files with 5 additions and 0 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1398,6 +1398,11 @@ local $headerhost = $header{'x-forwarded-for'} ||
 		    $header{'x-real-ip'};
 if ($config{'trust_real_ip'}) {
 	$acpthost = $headerhost || $acpthost;
+	if (&check_ipaddress($headerhost) || &check_ip6address($headerhost)) {
+		# If a remote IP was given, use it for all access control checks
+		# from now on.
+		$acptip = $headerhost;
+		}
 	$loghost = $acpthost;
 	}
 else {