From 0a4a5f3129a137fc357e8444a08b135f0ad4fbe8 Mon Sep 17 00:00:00 2001
From: Darren Boyd <dboyd@tapiocamobile.com>
Date: Sat, 22 Nov 2008 10:04:30 -0800
Subject: Making the IP Spoofing check in AbstractRequest#remote_ip
 configurable.

Certain groups of web proxies do not set these values properly.  Notably,
proxies for cell phones, which often do not set the remote IP information
correctly (not surprisingly, since the clients do not have an IP address).

Allowing this to be configurable makes it possible for developers to choose
to ignore this simple spoofing check, when a significant amount of their
traffic would result in false positives anyway.

Signed-off-by: Michael Koziarski <michael@koziarski.com>

[#1200 state:committed]
---
 actionpack/CHANGELOG                        | 2 ++
 actionpack/lib/action_controller/base.rb    | 4 ++++
 actionpack/lib/action_controller/request.rb | 2 +-
 actionpack/test/controller/request_test.rb  | 9 +++++++++
 4 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 1110c5cac6..352c4253f4 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *2.3.0 [Edge]*
 
+* Allow users to opt out of the spoofing checks in Request#remote_ip.  Useful for sites whose traffic regularly triggers false positives. [Darren Boyd]
+
 * Deprecated formatted_polymorphic_url.  [Jeremy Kemper]
 
 * Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) [DHH]
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index dca66ff0a5..c2f0c1c4f6 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -327,6 +327,10 @@ module ActionController #:nodoc:
     # sets it to <tt>:authenticity_token</tt> by default.
     cattr_accessor :request_forgery_protection_token
 
+    # Controls the IP Spoofing check when determining the remote IP.
+    @@ip_spoofing_check = true
+    cattr_accessor :ip_spoofing_check
+
     # Indicates whether or not optimise the generated named
     # route helper methods
     cattr_accessor :optimise_named_routes
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index baa955cb04..087fffe87d 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -218,7 +218,7 @@ module ActionController
       remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
 
       if @env.include? 'HTTP_CLIENT_IP'
-        if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
+        if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
           # We don't know which came from the proxy, and which from the user
           raise ActionControllerError.new(<<EOM)
 IP spoofing attack?!
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index 316a203e97..ba4a6da39b 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -66,6 +66,15 @@ class RequestTest < ActiveSupport::TestCase
     assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message
     assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message
 
+    # turn IP Spoofing detection off.
+    # This is useful for sites that are aimed at non-IP clients.  The typical
+    # example is WAP.  Since the cellular network is not IP based, it's a
+    # leap of faith to assume that their proxies are ever going to set the
+    # HTTP_CLIENT_IP/HTTP_X_FORWARDED_FOR headers properly.
+    ActionController::Base.ip_spoofing_check = false
+    assert_equal('8.8.8.8', @request.remote_ip(true))
+    ActionController::Base.ip_spoofing_check = true
+
     @request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
     assert_equal '8.8.8.8', @request.remote_ip(true)
 
-- 
cgit v1.2.3