From a9a0195fd7b1e2461c7690c32b27620afd64f673 Mon Sep 17 00:00:00 2001
From: Paul Harris <paul.harris@consensys.net>
Date: Fri, 6 Sep 2024 17:02:47 +1000
Subject: [PATCH] Alter host allow logic in rest api

it appears that at least in currently documented behaviour that we were filtering on server address not client address, which made it hard to reason about.

fixes #8567

Signed-off-by: Paul Harris <paul.harris@consensys.net>
---
 CHANGELOG.md                                                    | 1 +
 .../teku/infrastructure/restapi/HostAllowlistHandler.java       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ae0d61cadd5..2162beb31c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,3 +14,4 @@
 - Implemented [PostAggregateAndProofsV2](https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Validator/publishAggregateAndProofsV2) (adding support for Electra)
 
 ### Bug Fixes
+ - Updated allow-hosts logic to fix an issue with filtering (#8567).
\ No newline at end of file
diff --git a/infrastructure/restapi/src/main/java/tech/pegasys/teku/infrastructure/restapi/HostAllowlistHandler.java b/infrastructure/restapi/src/main/java/tech/pegasys/teku/infrastructure/restapi/HostAllowlistHandler.java
index df4f3c174ee..0116535f45b 100644
--- a/infrastructure/restapi/src/main/java/tech/pegasys/teku/infrastructure/restapi/HostAllowlistHandler.java
+++ b/infrastructure/restapi/src/main/java/tech/pegasys/teku/infrastructure/restapi/HostAllowlistHandler.java
@@ -33,7 +33,7 @@ public HostAllowlistHandler(final List<String> hostAllowlist) {
 
   @Override
   public void handle(final Context ctx) throws Exception {
-    String header = ctx.host();
+    String header = ctx.ip();
     if (!isHostAuthorized(hostAllowlist, header)) {
       LOG.debug("Host not authorized " + header);
       throw new ForbiddenResponse("Host not authorized");