Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate TRUSTED_PROXIES on server startup #1727

Closed
micahlee opened this issue Aug 3, 2020 · 0 comments
Closed

Validate TRUSTED_PROXIES on server startup #1727

micahlee opened this issue Aug 3, 2020 · 0 comments
Assignees
@micahlee
Labels
kind/enhancement
Milestone
IP Restrictions &...

Comments

@micahlee
Copy link
Contributor

micahlee commented Aug 3, 2020

Currently, if TRUSTED_PROXIES contains an invalid (non-CIDR) value, the first attempt to handle a request will fail with:

IPAddr.new('invalid-value')
Traceback (most recent call last):
        7: from /usr/local/bin/irb:23:in `<main>'
        6: from /usr/local/bin/irb:23:in `load'
        5: from /usr/local/lib/ruby/gems/2.7.0/gems/irb-1.2.3/exe/irb:11:in `<top (required)>'
        4: from (irb):2
        3: from (irb):2:in `new'
        2: from /usr/local/lib/ruby/2.7.0/ipaddr.rb:557:in `initialize'
        1: from /usr/local/lib/ruby/2.7.0/ipaddr.rb:598:in `rescue in initialize'
IPAddr::InvalidAddressError (invalid address: invalid-value)

Conjur should validate that TRUSTED_PROXIES contains valid CIDR values at server startup, to give immediate feedback, rather than wait for the first request.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@micahlee micahlee

Labels
kind/enhancement
Milestone
IP Restrictions & Auditing: M3
Development

No branches or pull requests
3 participants
@alexkalish @micahlee @sjacobs146