diff options
| author | jade <software@lfcode.ca> | 2025-06-03 14:22:30 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-03 15:22:30 -0600 |
| commit | 44b5de156886995fdcf881cbc1208505ad0e8b0e (patch) | |
| tree | a9134d5c4ae3d3871259ee82eef3f03b22c1e872 /MediaBrowser.Common | |
| parent | 08b2ffeaabdd2cf716e6c8fe2da744718ba9c0ea (diff) | |
Fix missing logging of connections by disallowed IPs (#14011)
Diffstat (limited to 'MediaBrowser.Common')
| -rw-r--r-- | MediaBrowser.Common/Extensions/HttpContextExtensions.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Common/Net/INetworkManager.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs | 29 |
3 files changed, 32 insertions, 3 deletions
diff --git a/MediaBrowser.Common/Extensions/HttpContextExtensions.cs b/MediaBrowser.Common/Extensions/HttpContextExtensions.cs index a1056b7c8..739a53c7a 100644 --- a/MediaBrowser.Common/Extensions/HttpContextExtensions.cs +++ b/MediaBrowser.Common/Extensions/HttpContextExtensions.cs @@ -12,7 +12,7 @@ namespace MediaBrowser.Common.Extensions /// Checks the origin of the HTTP context. /// </summary> /// <param name="context">The incoming HTTP context.</param> - /// <returns><c>true</c> if the request is coming from LAN, <c>false</c> otherwise.</returns> + /// <returns><c>true</c> if the request is coming from the same machine as is running the server, <c>false</c> otherwise.</returns> public static bool IsLocal(this HttpContext context) { return (context.Connection.LocalIpAddress is null diff --git a/MediaBrowser.Common/Net/INetworkManager.cs b/MediaBrowser.Common/Net/INetworkManager.cs index d838144ff..bd785bcbc 100644 --- a/MediaBrowser.Common/Net/INetworkManager.cs +++ b/MediaBrowser.Common/Net/INetworkManager.cs @@ -127,7 +127,7 @@ namespace MediaBrowser.Common.Net /// Checks if <paramref name="remoteIP"/> has access to the server. /// </summary> /// <param name="remoteIP">IP address of the client.</param> - /// <returns><b>True</b> if it has access, otherwise <b>false</b>.</returns> - bool HasRemoteAccess(IPAddress remoteIP); + /// <returns>The result of evaluating the access policy, <c>Allow</c> if it should be allowed.</returns> + RemoteAccessPolicyResult ShouldAllowServerAccess(IPAddress remoteIP); } } diff --git a/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs new file mode 100644 index 000000000..193d37228 --- /dev/null +++ b/MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs @@ -0,0 +1,29 @@ +using System; + +namespace MediaBrowser.Common.Net; + +/// <summary> +/// Result of <see cref="INetworkManager.ShouldAllowServerAccess" />. +/// </summary> +public enum RemoteAccessPolicyResult +{ + /// <summary> + /// The connection should be allowed. + /// </summary> + Allow, + + /// <summary> + /// The connection should be rejected since it is not from a local IP and remote access is disabled. + /// </summary> + RejectDueToRemoteAccessDisabled, + + /// <summary> + /// The connection should be rejected since it is from a blocklisted IP. + /// </summary> + RejectDueToIPBlocklist, + + /// <summary> + /// The connection should be rejected since it is from a remote IP that is not in the allowlist. + /// </summary> + RejectDueToNotAllowlistedRemoteIP, +} |