gitlab-org--gitlab-foss/config/initializers/trusted_proxies.rb
Stan Hu 8d73c76131 Ignore invalid trusted proxies in X-Forwarded-For header
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header
For example, Apache can send (null).

Closes #20194
2016-07-23 21:06:19 -07:00

22 lines
803 B
Ruby

# Override Rack::Request to make use of the same list of trusted_proxies
# as the ActionDispatch::Request object. This is necessary for libraries
# like rack_attack where they don't use ActionDispatch, and we want them
# to block/throttle requests on private networks.
# Rack Attack specific issue: https://github.com/kickstarter/rack-attack/issues/145
module Rack
class Request
def trusted_proxy?(ip)
Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
end
end
end
gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
begin
IPAddr.new(proxy)
rescue IPAddr::InvalidAddressError
end
end.compact
Rails.application.config.action_dispatch.trusted_proxies = (
[ '127.0.0.1', '::1' ] + gitlab_trusted_proxies)