From 11404e17e3cb0ad6a80066d2219ce3db50af9b38 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Thu, 24 Feb 2005 12:03:17 +0000
Subject: Fixed that proxy IPs do not follow all RFC1918 nets #251
 [caleb@aei-tech.com]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@789 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG                        | 2 ++
 actionpack/lib/action_controller/request.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 0587481f60..5edbe387dc 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Fixed that proxy IPs do not follow all RFC1918 nets #251 [caleb@aei-tech.com]
+
 * Added Base#render_to_string to parse a template and get the result back as a string #479
 
 * Fixed that send_file/data can work even if render* has been called before in action processing to render the content of a file to be send for example #601
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index aaefe92ebf..69c325035b 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -43,7 +43,7 @@ module ActionController
 
       if env.include? 'HTTP_X_FORWARDED_FOR' then
         remote_ips = env['HTTP_X_FORWARDED_FOR'].split(',').reject do |ip|
-            ip =~ /^unknown$|^(10|172\.16|192\.168)\./i
+            ip =~ /^unknown$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
         end
 
         return remote_ips.first.strip unless remote_ips.empty?
-- 
cgit v1.2.3