MatchWithError returns true if r matches m.
(r *http.Request)
| 153 | |
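// MatchWithError reports whether the remote address of r matches m. The
// decision is delegated to matchIPByCidrZones using m.cidrs and m.zones.
//
// It returns an HTTP 425 (Too Early) error when r arrived over TLS and the
// handshake has not completed, because the remote IP is not yet verified.
// If r.RemoteAddr cannot be parsed, the failure is logged at error level and
// the request is reported as not matching, with a nil error.
func (m MatchRemoteIP) MatchWithError(r *http.Request) (bool, error) {
	// if handshake is not finished, we infer 0-RTT that has
	// not verified remote IP; could be spoofed, so we throw
	// HTTP 425 status to tell the client to try again after
	// the handshake is complete
	if r.TLS != nil && !r.TLS.HandshakeComplete {
		return false, Error(http.StatusTooEarly, fmt.Errorf("TLS handshake not complete, remote IP cannot be verified"))
	}

	address := r.RemoteAddr
	clientIP, zoneID, err := parseIPZoneFromString(address)
	if err != nil {
		// The message previously read "getting remote " (truncated); name
		// what failed so the entry is searchable in error logs.
		if c := m.logger.Check(zapcore.ErrorLevel, "getting remote IP"); c != nil {
			c.Write(zap.Error(err))
		}

		// NOTE(review): an unparsable address is reported as a plain
		// non-match, not as an error. A caller that inverts this result
		// would treat such a request as matching; confirm that is intended.
		return false, nil
	}

	matches, zoneFilter := matchIPByCidrZones(clientIP, zoneID, m.cidrs, m.zones)
	// Debug-log the zone only when neither result is set. The exact meaning
	// of zoneFilter is defined by matchIPByCidrZones, which is not shown here.
	if !matches && !zoneFilter {
		if c := m.logger.Check(zapcore.DebugLevel, "zone ID from remote IP did not match"); c != nil {
			c.Write(zap.String("zone", zoneID))
		}
	}
	return matches, nil
}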
| 181 | |
| 182 | // CaddyModule returns the Caddy module information. |
| 183 | func (MatchClientIP) CaddyModule() caddy.ModuleInfo { |
no test coverage detected