author | Carl Lerche <carllerche@mac.com> | 2010-03-03 11:01:49 -0800 |
---|---|---|
committer | Carl Lerche <carllerche@mac.com> | 2010-03-03 21:24:00 -0800 |
commit | 9a9caf646d020e33ccdeac0f9b114acec019b599 (patch) | |
tree | 473bc1dd4ff9a6690fa0fb26aed19a271400ccc9 /actionpack/lib/action_dispatch/middleware | |
parent | 902d5a4f05c879674a3d010ac8ca76902308e18e (diff) | |
Add a BlockUntrustedIps middleware
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb b/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb
new file mode 100644
index 0000000000..8aed0c45a6
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb
@@ -0,0 +1,25 @@
+module ActionDispatch
+ class BlockUntrustedIps
+ class SpoofAttackError < StandardError ; end
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ if @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_CLIENT_IP']
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
+
+ unless remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ http_client_ip = @env['HTTP_CLIENT_IP'].inspect
+ http_forwarded_for = @env['HTTP_X_FORWARDED_FOR'].inspect
+
+ raise SpoofAttackError, "IP spoofing attack?!\n " \
+ "HTTP_CLIENT_IP=#{http_client_ip}\n HTTP_X_FORWARDED_FOR=http_forwarded_for"
+ end
+ end
+
+ @app.call(env)
+ end
+ end
+end
\ No newline at end of file
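Review bot: `call` dereferences `@env`, which nothing in the class assigns (`initialize` sets only `@app`), so the first request through this middleware raises NoMethodError on nil before any header is examined; every `@env` in the method should be the `env` parameter. The error message also lacks interpolation on `HTTP_X_FORWARDED_FOR=http_forwarded_for`, so the logged line shows the literal variable name rather than the header value. `split(',')` keeps the space that proxies conventionally insert after each comma, so a legitimate chain `X-Forwarded-For: 1.2.3.4, 5.6.7.8` with `Client-IP: 5.6.7.8` is reported as a spoof — strip the pieces before comparing. Both headers are supplied by the client or its proxies, so agreement between them establishes nothing about the real address: the check only catches an inconsistent pair, and since any client can send one, raising here lets a remote user produce a 500 at will; a comment on the class stating that this is a consistency check, not a trust decision, would stop it being relied on as more.
```ruby
def call(env)
  if env['HTTP_X_FORWARDED_FOR'] && env['HTTP_CLIENT_IP']
    # Proxies append ", ip"; compare trimmed addresses.
    remote_ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)

    unless remote_ips.include?(env['HTTP_CLIENT_IP'].strip)
      http_client_ip = env['HTTP_CLIENT_IP'].inspect
      http_forwarded_for = env['HTTP_X_FORWARDED_FOR'].inspect

      raise SpoofAttackError, "IP spoofing attack?!\n " \
        "HTTP_CLIENT_IP=#{http_client_ip}\n HTTP_X_FORWARDED_FOR=#{http_forwarded_for}"
    end
  end
  # … unchanged: @app.call(env) and the closing end …
```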