Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
parse xff before deciding to reject a connection
this commit partially fixes the following issue: if a client manages to escape real-ip detection, copyparty will try to ban the reverse-proxy instead, effectively banning all clients this can happen if the configuration says to obtain client real-ip from a cloudflare header, but the server is not configured to reject connections from non-cloudflare IPs, so a scanner will eventually hit the server IP with malicious-looking requests and trigger a ban copyparty will now continue to process requests from banned IPs until the header has been parsed and the real-ip has been obtained (or not), causing an increased server load from malicious clients assuming the `--xff-src` and `--xff-hdr` config is correct, this issue should no longer be hitting innocent clients the old behavior of immediately rejecting a banned IP address can be re-enabled with the new option `--early-ban`
- Loading branch information