starred/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-05-04 18:09:12 +03:00
Code Issues 822 Packages Projects Releases 10 Wiki Activity

[PR #14011] [MERGED] Fix missing logging of connections by disallowed IPs #13793

New Issue
Closed
opened 2026-02-07 07:19:16 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2026-02-07 07:19:16 +03:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/jellyfin/jellyfin/pull/14011
Author: @lf-
Created: 4/27/2025
Status: Merged
Merged: 6/4/2025
Merged by: @crobibero

Base: masterHead: jade/fix-access-policy-diagnostics

📝 Commits (2)

  • 4230c60 Middleware: Give reasons for rejecting connections
  • a3b92a6 Middleware: remove redundant LAN filtering middleware

📊 Changes

9 files changed (+109 additions, -98 deletions)

View changed files

📝 Jellyfin.Api/Middleware/IpBasedAccessValidationMiddleware.cs (+16 -4)
Jellyfin.Api/Middleware/LanFilteringMiddleware.cs (+0 -51)
📝 Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs (+0 -10)
📝 Jellyfin.Server/Startup.cs (+0 -1)
📝 MediaBrowser.Common/Extensions/HttpContextExtensions.cs (+1 -1)
📝 MediaBrowser.Common/Net/INetworkManager.cs (+2 -2)
MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs (+29 -0)
📝 src/Jellyfin.Networking/Manager/NetworkManager.cs (+28 -19)
📝 tests/Jellyfin.Networking.Tests/NetworkParseTests.cs (+33 -10)

📄 Description

Changes
I rewrote the remote access policy code (intended as no functional change) to give reasons for rejecting/allowing connections as well as restructuring it to be more in line with best practices in authorization code of having the fall-through case be to reject. This then allows for fixing #14008 in a satisfying way: actually reporting why the connection was rejected.

Secondly I deleted the LAN checking middleware, since it is a subset of the functionality of the IP checking middleware anyway and has worse diagnostics.

I have tested this locally (which actually is why I found the redundant LAN middleware).

Issues

Fixes: https://github.com/jellyfin/jellyfin/issues/14008

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/jellyfin/jellyfin/pull/14011 **Author:** [@lf-](https://github.com/lf-) **Created:** 4/27/2025 **Status:** ✅ Merged **Merged:** 6/4/2025 **Merged by:** [@crobibero](https://github.com/crobibero) **Base:** `master` ← **Head:** `jade/fix-access-policy-diagnostics` --- ### 📝 Commits (2) - [`4230c60`](https://github.com/jellyfin/jellyfin/commit/4230c60d3cbb931140250b8771b13f712ca81b0e) Middleware: Give reasons for rejecting connections - [`a3b92a6`](https://github.com/jellyfin/jellyfin/commit/a3b92a6638a87cd42b5904e50f8db3b15053b04f) Middleware: remove redundant LAN filtering middleware ### 📊 Changes **9 files changed** (+109 additions, -98 deletions) <details> <summary>View changed files</summary> 📝 `Jellyfin.Api/Middleware/IpBasedAccessValidationMiddleware.cs` (+16 -4) ➖ `Jellyfin.Api/Middleware/LanFilteringMiddleware.cs` (+0 -51) 📝 `Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs` (+0 -10) 📝 `Jellyfin.Server/Startup.cs` (+0 -1) 📝 `MediaBrowser.Common/Extensions/HttpContextExtensions.cs` (+1 -1) 📝 `MediaBrowser.Common/Net/INetworkManager.cs` (+2 -2) ➕ `MediaBrowser.Common/Net/RemoteAccessPolicyResult.cs` (+29 -0) 📝 `src/Jellyfin.Networking/Manager/NetworkManager.cs` (+28 -19) 📝 `tests/Jellyfin.Networking.Tests/NetworkParseTests.cs` (+33 -10) </details> ### 📄 Description <!-- Ensure your title is short, descriptive, and in the imperative mood (Fix X, Change Y, instead of Fixed X, Changed Y). For a good inspiration of what to write in commit messages and PRs please review https://chris.beams.io/posts/git-commit/ and our documentation. --> **Changes** I rewrote the remote access policy code (intended as no functional change) to give reasons for rejecting/allowing connections as well as restructuring it to be more in line with best practices in authorization code of having the fall-through case be to reject. This then allows for fixing #14008 in a satisfying way: actually reporting *why* the connection was rejected. Secondly I deleted the LAN checking middleware, since it is a subset of the functionality of the IP checking middleware anyway and has worse diagnostics. I have tested this locally (which actually is why I found the redundant LAN middleware). **Issues** <!-- Tag any issues that this PR solves here. ex. Fixes # --> Fixes: https://github.com/jellyfin/jellyfin/issues/14008 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-07 07:19:16 +03:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
EFjellyfin.db
area:database
awaiting-feedback
backend
blocked
breaking change: web api
bug
build
ci
confirmed
discussion needed
dotnet future
downstream
duplicate
enhancement
feature
future
github-actions
good first issue
hdr
help wanted
invalid
investigation
librarydb
live-tv
lyrics
media playback
music
needs testing
nuget
performance
platform
pull-request
Mirrored from GitHub Pull Request
 question
regression
release critical
requires-web
roadmap
security
security
stale
support
syncplay
ui & ux
upstream
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#13793
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?