Allow to configure trusted proxies via ActionController::Base.trusted…

…_proxies [#2126 state:resolved] Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
rails · Aug 9, 2009 · 654568e · 654568e
1 parent 7dbb2b6
commit 654568e
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 2 deletions.
diff --git a/actionpack/lib/action_controller/metal/compatibility.rb b/actionpack/lib/action_controller/metal/compatibility.rb
@@ -64,6 +64,8 @@ class ::ActionController::ActionControllerError < StandardError #:nodoc:
 
       cattr_accessor :ip_spoofing_check
       self.ip_spoofing_check = true
+
+      cattr_accessor :trusted_proxies
     end
 
     # For old tests

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
@@ -246,7 +246,7 @@ def remote_ip
       remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
 
       unless remote_addr_list.blank?
-        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES || addr =~ ActionController::Base.trusted_proxies}
         return not_trusted_addrs.first unless not_trusted_addrs.empty?
       end
       remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
@@ -265,7 +265,7 @@ def remote_ip
       end
 
       if remote_ips
-        while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
+        while remote_ips.size > 1 && (TRUSTED_PROXIES =~ remote_ips.last.strip || ActionController::Base.trusted_proxies =~ remote_ips.last.strip)
           remote_ips.pop
         end
 

diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
@@ -72,6 +72,34 @@ def teardown
     assert_equal '9.9.9.9', request.remote_ip
   end
 
+  test "remote ip with user specified trusted proxies" do
+    ActionController::Base.trusted_proxies = /^67\.205\.106\.73$/i
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.73',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '172.16.0.1,67.205.106.73',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.73,172.16.0.1',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.74,172.16.0.1',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '67.205.106.74', request.remote_ip
+
+    request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,67.205.106.73'
+    assert_equal 'unknown', request.remote_ip
+
+    request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 67.205.106.73'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    ActionController::Base.trusted_proxies = nil
+  end
+
   test "domains" do
     request = stub_request 'HTTP_HOST' => 'www.rubyonrails.org'
     assert_equal "rubyonrails.org", request.domain