|
|
|
@ -26,6 +26,7 @@ loadmodule "xhttp.so" |
|
|
|
#!trydef WS_MAX_CONNECTIONS_PER_IP 50 |
|
|
|
#!trydef WS_MAX_CONNECTIONS_PER_PROXY 0 |
|
|
|
#!trydef WS_ALLOWED_PROXIES "0.0.0.0/0" |
|
|
|
#!trydef WS_CONNECTIONS_FROM_PROXY_ONLY 0 |
|
|
|
|
|
|
|
######## Websocket module ######## |
|
|
|
loadmodule "websocket.so" |
|
|
|
@ -41,6 +42,7 @@ modparam("websocket", "sub_protocols", 1) |
|
|
|
kazoo.ws_allowed_proxies = WS_ALLOWED_PROXIES desc "comma separated list of allowed proxies in cidr notation" |
|
|
|
kazoo.ws_max_connection_per_ip = WS_MAX_CONNECTIONS_PER_IP desc "max connections per ip" |
|
|
|
kazoo.ws_max_connection_per_proxy = WS_MAX_CONNECTIONS_PER_PROXY desc "max connections per proxy" |
|
|
|
kazoo.ws_connections_via_proxy_only = WS_CONNECTIONS_FROM_PROXY_ONLY desc "only allow connections via proxy" |
|
|
|
|
|
|
|
event_route[xhttp:request] |
|
|
|
{ |
|
|
|
@ -80,7 +82,13 @@ event_route[xhttp:request] |
|
|
|
#!endif |
|
|
|
|
|
|
|
if ($hdr(X-Forwarded-For) == $null) { |
|
|
|
$var(ws_orig_ip) = $si; |
|
|
|
if($sel(cfg_get.kazoo.ws_connections_via_proxy_only) == 1) { |
|
|
|
xlog("L_INFO", "websocket|log|request from $si without X-Forwarded-For Header and only allowed connections are via proxy\n"); |
|
|
|
xhttp_reply("403", "Forbidden", "", ""); |
|
|
|
exit; |
|
|
|
} else { |
|
|
|
$var(ws_orig_ip) = $si; |
|
|
|
} |
|
|
|
} else { |
|
|
|
xlog("L_INFO", "websocket|log|request X-Forwarded-For $hdr(X-Forwarded-For) from $si\n"); |
|
|
|
$var(ws_orig_ip) = $hdr(X-Forwarded-For); |
|
|
|
|
lazedo
7 years ago