Fix check_ip argument when gitlab-sshd used with PROXY protocol (!616) · Merge requests · GitLab.org / gitlab-shell

Stan Hu requested to merge sh-fix-remote-addr-handling into main May 09, 2022

When gitlab-sshd were used with the PROXY protocol, the check_ip argument passed to /api/v4/internal/allowed was the Go remote address, which is a host and port combination (e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions from working properly on Rails. We fix this by stripping out the port if it is present.

When OpenSSH is used, this is not an issue because the IP address is extracted from SSH_CONNECTION.

Edited May 09, 2022 by Stan Hu

Fix check_ip argument when gitlab-sshd used with PROXY protocol

Merge request reports