authorXavier Noria <fxn@hashref.com>2010-09-12 01:33:42 +0200
committerXavier Noria <fxn@hashref.com>2010-09-12 01:37:07 +0200
commit9a8861f2e4080fe19b9cb1f10e39ba0110d1da7b (patch)
tree21d1f5f5c706daee8a1843db32f7054b91b2d1df /actionpack
parent96650f704a7a36097d634972484a305a639143c7 (diff)
removes /i from the TRUSTED_PROXIES regexp, adds /x and comments for readability, adds a pointer to a Wikipedia section that documents the matched IPs
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/http/request.rb12
1 files changed, 10 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 789ecfdbd9..7a28228817 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -149,8 +149,16 @@ module ActionDispatch
end
# Which IP addresses are "trusted proxies" that can be stripped from
- # the right-hand-side of X-Forwarded-For
- TRUSTED_PROXIES = /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
+ # the right-hand-side of X-Forwarded-For.
+ #
+ # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces.
+ TRUSTED_PROXIES = %r{
+ ^127\.0\.0\.1$ | # localhost
+ ^(10 | # private IP 10.x.x.x
+ 172\.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255
+ 192\.168 # private IP 192.168.x.x
+ )\.
+ }x
# Determines originating IP address. REMOTE_ADDR is the standard
# but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or
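Review bot: The rewritten TRUSTED_PROXIES pattern keeps the `^` and `$` anchors, which in Ruby match at line boundaries rather than at the start and end of the string, so a value with an embedded newline can match on an inner line. Because this constant decides which X-Forwarded-For entries are treated as trusted and stripped, `\A` and `\z` are the safer anchors: `\A127\.0\.0\.1\z |` and `\A(10 |`. The private-range branch also checks only the prefix up to the first `\.` after `10`, `172.16`–`172.31` or `192.168`, so the rest of the entry is unconstrained and a non-address string such as a hostname starting with `10.` would match. I would either match the full dotted quad or say in the comment that only the prefix is checked, and also note that only 127.0.0.1 (not the rest of 127.0.0.0/8) and no IPv6 loopback or private ranges are covered. The code that consumes the constant is outside this hunk, so the practical effect on the computed client IP should be confirmed there.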