search

roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0
5.84k stars 1.64k forks source link

Allow cidr (subnets) in proxy_whitelist #7103

Open micw opened 4 years ago

micw commented 4 years ago

Hallo, on dynamic environments like kubernetes, the proxy has a dynamic IP within a subnet. This is currently not supported by roundcube's proxy_whitelist config.

It can easily be added by using the following function to compare:

function cidr_match($ip, $range_or_ip)
{
    if (strpos($range_or_ip,'/')===false) {
      return $ip == $range_or_ip;
    }
    list ($subnet, $bits) = explode('/', $range_or_ip);
    if ($bits === null) {
        $bits = 32;
    }
    $ip = ip2long($ip);
    $subnet = ip2long($subnet);
    $mask = -1 << (32 - $bits);
    $subnet &= $mask; # nb: in case the supplied subnet wasn't correctly aligned
    return ($ip & $mask) == $subnet;
}
alecpl commented 4 years ago

It would be also nice if it supports IPv6.

johndoh commented 4 years ago

perhaps a lib like this could help https://github.com/mlocati/ip-lib

alecpl commented 3 years ago

https://stackoverflow.com/a/56050595 is a simple solution that does not require external libs.

kresike commented 1 year ago

This is also an issue when roundcube is used behind a service like cloudflare.