Sha256: 127ecf2a5019a1b3aa5ef7e080b7985032064475cb43a1b3fa2051a63528a227

Contents?: true

Size: 736 Bytes

Versions: 3

Compression:

Stored size: 736 Bytes

Contents

# frozen_string_literal: true

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   IP spoofing
    # Supported browsers:: all
    # More infos::         http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/
    #
    # Detect (some) IP spoofing attacks.
    class IPSpoofing < Base
      default_reaction :deny

      def accepts?(env)
        return true unless env.include? 'HTTP_X_FORWARDED_FOR'

        ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
        return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
        return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])

        true
      end
    end
  end
end
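The header comparison in `accepts?` above, as an added example that is not part of rack-protection: a stand-alone sketch that returns a reason alongside each decision so denials can be logged. The names `spoof_verdict`, `report`, `FORWARD_HEADERS` and `SAMPLES` are hypothetical, and the env hashes are constructed from documentation address ranges.

```ruby
# frozen_string_literal: true

# Added illustration (not rack-protection code): the same string comparison as
# IPSpoofing#accepts?, returning [verdict, reason] instead of a bare boolean.
FORWARD_HEADERS = %w[HTTP_CLIENT_IP HTTP_X_REAL_IP].freeze

def spoof_verdict(env)
  return [:accept, 'no X-Forwarded-For header'] unless env.include?('HTTP_X_FORWARDED_FOR')

  ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
  FORWARD_HEADERS.each do |header|
    next unless env.include?(header)
    # Exact string match, as in the original: no IP parsing or normalisation.
    return [:deny, "#{header} not listed in X-Forwarded-For"] unless ips.include?(env[header])
  end
  [:accept, 'headers agree']
end

# Constructed Rack-style env hashes, one per case worth knowing about.
SAMPLES = {
  'no proxy headers' => { 'REMOTE_ADDR' => '192.0.2.10' },
  'consistent chain' => { 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.1',
                          'HTTP_X_REAL_IP' => '198.51.100.7' },
  'client-ip mismatch' => { 'HTTP_X_FORWARDED_FOR' => '198.51.100.7',
                            'HTTP_CLIENT_IP' => '203.0.113.99' },
  'real-ip mismatch' => { 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.1',
                          'HTTP_X_REAL_IP' => '192.0.2.55' },
  # Nothing to compare against: REMOTE_ADDR is never consulted by the check.
  'xff only' => { 'HTTP_X_FORWARDED_FOR' => '198.51.100.7', 'REMOTE_ADDR' => '192.0.2.10' },
  # Same address, different letter case: string comparison denies it.
  'ipv6 case differs' => { 'HTTP_X_FORWARDED_FOR' => '2001:DB8::1',
                           'HTTP_X_REAL_IP' => '2001:db8::1' }
}.freeze

# Returns [name, verdict, reason] rows for every sample.
def report(samples = SAMPLES)
  samples.map { |name, env| [name, *spoof_verdict(env)] }
end

if $PROGRAM_NAME == __FILE__
  report.each { |name, verdict, reason| puts format('%-20s %-7s %s', name, verdict, reason) }
end
```

The check is a consistency test between forwarded-address headers only; deciding which of those headers to trust still depends on the proxy configuration in front of the application.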

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
rack-protection-3.0.2 lib/rack/protection/ip_spoofing.rb
rack-protection-3.0.1 lib/rack/protection/ip_spoofing.rb
rack-protection-3.0.0 lib/rack/protection/ip_spoofing.rb