1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Make remote_ip detection properly handle private IPv6 addresses

Fixes #12638.
This commit is contained in:
Caleb Spare 2013-10-25 14:16:42 -07:00
parent 52199d1fd4
commit cd78d72526
3 changed files with 13 additions and 2 deletions

View file

@ -1,3 +1,11 @@
* Properly treat the entire IPv6 User Local Address space as private for
purposes of remote IP detection. Also handle uppercase private IPv6
addresses.
Fixes #12638.
*Caleb Spare*
* Add `params` option to `button_to` form helper, which renders the given hash * Add `params` option to `button_to` form helper, which renders the given hash
as hidden form fields. as hidden form fields.

View file

@ -31,7 +31,7 @@ module ActionDispatch
TRUSTED_PROXIES = %r{ TRUSTED_PROXIES = %r{
^127\.0\.0\.1$ | # localhost IPv4 ^127\.0\.0\.1$ | # localhost IPv4
^::1$ | # localhost IPv6 ^::1$ | # localhost IPv6
^fc00: | # private IPv6 range fc00 ^[fF][cCdD] | # private IPv6 range fc00::/7
^10\. | # private IPv4 range 10.x.x.x ^10\. | # private IPv4 range 10.x.x.x
^172\.(1[6-9]|2[0-9]|3[0-1])\.| # private IPv4 range 172.16.0.0 .. 172.31.255.255 ^172\.(1[6-9]|2[0-9]|3[0-1])\.| # private IPv4 range 172.16.0.0 .. 172.31.255.255
^192\.168\. # private IPv4 range 192.168.x.x ^192\.168\. # private IPv4 range 192.168.x.x

View file

@ -120,9 +120,12 @@ class RequestTest < ActiveSupport::TestCase
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,::1' request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,::1'
assert_equal nil, request.remote_ip assert_equal nil, request.remote_ip
request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::' request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::, fc01::, fdff'
assert_equal 'fe80:0000:0000:0000:0202:b3ff:fe1e:8329', request.remote_ip assert_equal 'fe80:0000:0000:0000:0202:b3ff:fe1e:8329', request.remote_ip
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'FE00::, FDFF::'
assert_equal 'FE00::', request.remote_ip
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'not_ip_address' request = stub_request 'HTTP_X_FORWARDED_FOR' => 'not_ip_address'
assert_equal nil, request.remote_ip assert_equal nil, request.remote_ip
end end