From 8f87388c7d5f8308c57a0c2c7a312be361df27d6 Mon Sep 17 00:00:00 2001
From: jon4hz <jonah.zuercher@adfinis.com>
Date: Thu, 22 Jan 2026 10:48:25 +0100
Subject: [PATCH] fix: only check for valid ip in acl check

---
 lib/perl/OVH/Bastion/Plugin/ACL.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/perl/OVH/Bastion/Plugin/ACL.pm b/lib/perl/OVH/Bastion/Plugin/ACL.pm
index 2d9fc94..d89ff96 100644
--- a/lib/perl/OVH/Bastion/Plugin/ACL.pm
+++ b/lib/perl/OVH/Bastion/Plugin/ACL.pm
@@ -91,9 +91,10 @@ sub check {
             return R('ERR_MISSING_PARAMETER', msg => "When --proxy-host is specified, --proxy-port becomes mandatory");
         }
 
-        # validate proxy host format (same as regular host validation)
-        if ($proxyIp !~ m{^[a-zA-Z0-9._:-]+$}) {
-            return R('ERR_INVALID_PARAMETER', msg => "Proxy host name '$proxyIp' seems invalid");
+        # validate proxy ip
+        my $fntret = OVH::Bastion::is_valid_ip(ip => $proxyIp, allowSubnets => 0);
+        if (!$fntret) {
+            return R('ERR_INVALID_PARAMETER', msg => "Proxy host IP '$proxyIp' is invalid: " . $fntret->msg);
         }
 
         if (!$proxyUser) {