Skip to content

Commit 6c70872

Browse files
mdecimusmdecimus
committed
HTTP: Skip scanner fail2ban checks when the proxy client IP can't be parsed
1 parent cd2b958 commit 6c70872

File tree

1 file changed

+19
-20
lines changed

1 file changed

+19
-20
lines changed

crates/http/src/request.rs

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -814,26 +814,25 @@ async fn handle_session<T: SessionStream>(inner: Arc<Inner>, session: SessionDat
814814
.await
815815
{
816816
if http_err.is_parse() {
817-
match inner
818-
.build_server()
819-
.is_scanner_fail2banned(session.remote_ip)
820-
.await
821-
{
822-
Ok(true) => {
823-
trc::event!(
824-
Security(SecurityEvent::ScanBan),
825-
SpanId = session.session_id,
826-
RemoteIp = session.remote_ip,
827-
Reason = http_err.to_string(),
828-
);
829-
return;
830-
}
831-
Ok(false) => {}
832-
Err(err) => {
833-
trc::error!(
834-
err.span_id(session.session_id)
835-
.details("Failed to check for fail2ban")
836-
);
817+
let server = inner.build_server();
818+
if !server.core.jmap.http_use_forwarded {
819+
match server.is_scanner_fail2banned(session.remote_ip).await {
820+
Ok(true) => {
821+
trc::event!(
822+
Security(SecurityEvent::ScanBan),
823+
SpanId = session.session_id,
824+
RemoteIp = session.remote_ip,
825+
Reason = http_err.to_string(),
826+
);
827+
return;
828+
}
829+
Ok(false) => {}
830+
Err(err) => {
831+
trc::error!(
832+
err.span_id(session.session_id)
833+
.details("Failed to check for fail2ban")
834+
);
835+
}
837836
}
838837
}
839838
}

0 commit comments

Comments
 (0)