Merge branch 'master' into fix-ci-updates

caddyserver · Jul 19, 2024 · 46d8b83 · 46d8b83
2 parents 6fb6497 + 02be81e
commit 46d8b83
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/forwardproxy.go b/forwardproxy.go
@@ -486,6 +486,18 @@ func (h Handler) dialContextCheckACL(ctx context.Context, network, hostPort stri
 			fmt.Errorf("port %s is not allowed", port))
 	}
 
+match:
+	for _, rule := range h.aclRules {
+		if _, ok := rule.(*aclDomainRule); ok {
+			switch rule.tryMatch(nil, host) {
+			case aclDecisionDeny:
+				return nil, caddyhttp.Error(http.StatusForbidden, fmt.Errorf("disallowed host %s", host))
+			case aclDecisionAllow:
+				break match
+			}
+		}
+	}
+
 	// in case IP was provided, net.LookupIP will simply return it
 	IPs, err := net.LookupIP(host)
 	if err != nil {