--- a/mod_http_status/README.md Wed Oct 25 15:36:20 2023 +0200
+++ b/mod_http_status/README.md Wed Oct 25 17:18:50 2023 +0200
@@ -13,3 +13,19 @@
}
```
+# Configuration
+
+
+By default only access via localhost is allowed. This can be adjusted with `http_status_allow_ips`. The following example shows the default:
+
+```
+http_status_allow_ips = { "::1"; "127.0.0.1" }
+```
+
+Access can also be granted to one IP range via CIDR notation:
+
+```
+http_status_allow_cidr = "172.17.2.0/24"
+```
+
+The default for `http_status_allow_cidr` is empty.
--- a/mod_http_status/mod_http_status.lua Wed Oct 25 15:36:20 2023 +0200
+++ b/mod_http_status/mod_http_status.lua Wed Oct 25 17:18:50 2023 +0200
@@ -2,13 +2,29 @@
local json = require "util.json";
local datetime = require "util.datetime".datetime;
+local ip = require "util.ip";
local modulemanager = require "core.modulemanager";
+local permitted_ips = module:get_option_set("http_status_allow_ips", { "::1", "127.0.0.1" });
+local permitted_cidr = module:get_option_string("http_status_allow_cidr");
+
+local function is_permitted(request)
+ local ip_raw = request.ip;
+ if permitted_ips:contains(ip_raw) or
+ (permitted_cidr and ip.match(ip.new_ip(ip_raw), ip.parse_cidr(permitted_cidr))) then
+ return true;
+ end
+ return false;
+end
+
module:provides("http", {
route = {
GET = function(event)
local request, response = event.request, event.response;
+ if not is_permitted(request) then
+ return 403; -- Forbidden
+ end
response.headers.content_type = "application/json";
local resp = { ["*"] = true };