-rw-r--r--actionpack/lib/action_dispatch.rb1
-rw-r--r--actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb25
2 files changed, 26 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb
index 479ea959e6..1abb283b11 100644
--- a/actionpack/lib/action_dispatch.rb
+++ b/actionpack/lib/action_dispatch.rb
@@ -42,6 +42,7 @@ module ActionDispatch
end
autoload_under 'middleware' do
+ autoload :BlockUntrustedIps
autoload :Callbacks
autoload :Cascade
autoload :Cookies
diff --git a/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb b/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb
new file mode 100644
index 0000000000..8aed0c45a6
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb
@@ -0,0 +1,25 @@
+module ActionDispatch
+ class BlockUntrustedIps
+ class SpoofAttackError < StandardError ; end
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ if @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_CLIENT_IP']
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
+
+ unless remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ http_client_ip = @env['HTTP_CLIENT_IP'].inspect
+ http_forwarded_for = @env['HTTP_X_FORWARDED_FOR'].inspect
+
+ raise SpoofAttackError, "IP spoofing attack?!\n " \
+ "HTTP_CLIENT_IP=#{http_client_ip}\n HTTP_X_FORWARDED_FOR=http_forwarded_for"
+ end
+ end
+
+ @app.call(env)
+ end
+ end
+end \ No newline at end of file
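Review bot: `call` reads `@env` throughout (the `if` condition, the `split`, the `include?` and both `inspect` calls) but the request hash is the `env` parameter and `@env` is never assigned, so the first request with these headers raises NoMethodError on nil instead of running the check, and the middleware cannot work as written. The error message on the last `raise` line also omits the interpolation braces (`HTTP_X_FORWARDED_FOR=http_forwarded_for`), so the log would show the literal variable name rather than the header value the operator needs to triage the event. Separately, `split(',')` keeps the surrounding whitespace that a comma-separated `X-Forwarded-For` list normally carries, so a client whose `Client-IP` equals an entry like `" 10.0.0.1"` fails `include?` and is reported as a spoof even though the headers agree; stripping each entry (and the compared value) avoids that false positive. The rewrite below keeps the same control flow and error class.
```ruby
def call(env)
  if env['HTTP_X_FORWARDED_FOR'] && env['HTTP_CLIENT_IP']
    # Forwarded lists are usually "a, b"; strip so an agreeing
    # header pair is not misreported as a spoof attempt.
    remote_ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)

    unless remote_ips.include?(env['HTTP_CLIENT_IP'].strip)
      http_client_ip = env['HTTP_CLIENT_IP'].inspect
      http_forwarded_for = env['HTTP_X_FORWARDED_FOR'].inspect

      raise SpoofAttackError, "IP spoofing attack?!\n " \
        "HTTP_CLIENT_IP=#{http_client_ip}\n HTTP_X_FORWARDED_FOR=#{http_forwarded_for}"
    end
  end

  @app.call(env)
end
```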