Commit graph

5 commits

Author SHA1 Message Date
lookatmike
ae108ff703 Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured. 2016-07-31 15:36:11 -04:00
Stan Hu
8d73c76131 Ignore invalid trusted proxies in X-Forwarded-For header
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header
For example, Apache can send (null).

Closes #20194
2016-07-23 21:06:19 -07:00
DJ Mountney
860785f007 Make Rack::Request use our trusted proxies when filtering IP addresses
This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can caue problems if your users are connection on you network via private IP ranges.

Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
2016-06-29 21:19:55 -07:00
DJ Mountney
9ab70184e3 Pass trusted_proxies to action_dispatch as IPAddrs instead of strings
Without this setting your own trusted_proxies does not work.
2016-04-28 12:05:45 -07:00
DJ Mountney
38cff18af0 Adjust the default trusted_proxies to only include localhost, and allow other trusted proxies to be configured. 2016-04-12 10:42:59 -07:00