Commit graph

10 commits

Author SHA1 Message Date
Nick Thomas
9f05e97aad Run rubocop -a 2019-03-13 13:42:43 +00:00
Jasper Maes
44fef4fe4c Remove rails 4 support in CI, Gemfiles, bin/ and config/ 2018-12-14 19:36:22 +01:00
blackst0ne
2306e49060 [Rails5] Fix trusted proxies
There is a bug in trusted proxies: https://github.com/rails/rails/issues/5223
This commit adds a monkey patch to fix the bug.

Example of errors:

```
1) trusted_proxies with default config preserves private IPs
    Failure/Error: expect(request.ip).to eq('10.1.5.89')

      expected: "10.1.5.89"
          got: nil

      (compared using ==)
    # ./spec/initializers/trusted_proxies_spec.rb:12:in `block (3 levels) in <top (required)>'

2) trusted_proxies with default config filters out localhost
    Failure/Error: expect(request.ip).to eq('10.1.5.89')

      expected: "10.1.5.89"
          got: "1.1.1.1"

      (compared using ==)
    # ./spec/initializers/trusted_proxies_spec.rb:18:in `block (3 levels) in <top (required)>'
```
2018-05-03 20:14:20 +11:00
Robert Speicher
4edfad9678 Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Douwe Maan
c10064aad5 Enable Style/SpaceInsideBrackets 2017-02-23 09:31:56 -06:00
lookatmike
ae108ff703 Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured. 2016-07-31 15:36:11 -04:00
Stan Hu
8d73c76131 Ignore invalid trusted proxies in X-Forwarded-For header
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header.
For example, Apache can send (null).

Closes #20194
2016-07-23 21:06:19 -07:00
DJ Mountney
860785f007 Make Rack::Request use our trusted proxies when filtering IP addresses
This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.

Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
2016-06-29 21:19:55 -07:00
DJ Mountney
9ab70184e3 Pass trusted_proxies to action_dispatch as IPAddrs instead of strings
Without this setting your own trusted_proxies does not work.
2016-04-28 12:05:45 -07:00
DJ Mountney
38cff18af0 Adjust the default trusted_proxies to only include localhost, and allow other trusted proxies to be configured. 2016-04-12 10:42:59 -07:00