mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption

Thu, 29 Aug 2013 12:20:20 +0100

author
Matthew Wild <mwild1@gmail.com>
date
Thu, 29 Aug 2013 12:20:20 +0100
changeset 1177
a464261deba8
parent 1176
06e0c279f6a8
child 1178
412f62d05a23

mod_secure_interfaces: New module to mark c2s sessions on given interfaces as 'secure' without encryption

mod_secure_interfaces/mod_secure_interfaces.lua file | annotate | diff | comparison | revisions
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_secure_interfaces/mod_secure_interfaces.lua	Thu Aug 29 12:20:20 2013 +0100
@@ -0,0 +1,13 @@
+local secure_interfaces = module:get_option_set("secure_interfaces", { "127.0.0.1" });
+
+module:hook("stream-features", function (event)
+	local session = event.origin;
+	if session.type ~= "c2s_unauthed" then return; end
+	local socket = session.conn:socket();
+	if not socket.getsockname then return; end
+	local localip = socket:getsockname();
+	if secure_interfaces:contains(localip) then
+		module:log("debug", "Marking session from %s as secure", session.ip or "[?]");
+		session.secure = true;
+	end
+end, 2500);

mercurial