8a245b80a5
Make Rack::Request use our trusted proxies when filtering IP addresses ## What does this MR do? This allows us to control the trusted proxies while deployed in a private network. ## Are there points in the code the reviewer needs to double check? If we want to limit what is impacted, we can do this specifically for the rack_attack request object. ## Why was this MR needed? Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connection on you network via private IP ranges. Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead. ## What are the relevant issue numbers? Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550 ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~ - [ ] ~~API support added~~ - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) \cc @stanhu See merge request !4958 |
||
---|---|---|
.. | ||
6_validations_spec.rb | ||
settings_spec.rb | ||
trusted_proxies_spec.rb |