Add a BlockUntrustedIps middleware

1 parent 902d5a4 commit 9a9caf646d020e33ccdeac0f9b114acec019b599 Carl Lerche committed Mar 3, 2010
1 actionpack/lib/action_dispatch.rb
@@ -42,6 +42,7 @@ module ActionDispatch
end
autoload_under 'middleware' do
+ autoload :BlockUntrustedIps
autoload :Callbacks
autoload :Cascade
autoload :Cookies
25 actionpack/lib/action_dispatch/middleware/block_untrusted_ips.rb
@@ -0,0 +1,25 @@
+module ActionDispatch
+ class BlockUntrustedIps
+ class SpoofAttackError < StandardError ; end
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ if @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_CLIENT_IP']
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
+
+ unless remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ http_client_ip = @env['HTTP_CLIENT_IP'].inspect
+ http_forwarded_for = @env['HTTP_X_FORWARDED_FOR'].inspect
+
+ raise SpoofAttackError, "IP spoofing attack?!\n " \
+ "HTTP_CLIENT_IP=#{http_client_ip}\n HTTP_X_FORWARDED_FOR=http_forwarded_for"
+ end
+ end
+
+ @app.call(env)
+ end
+ end
+end
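
Review bot: `call(env)` reads the headers from `@env`, which is never assigned anywhere in this class, so `@env['HTTP_X_FORWARDED_FOR']` is evaluated on nil and raises NoMethodError on every request before the spoofing check can run; use the `env` argument throughout the method. In the error message, `HTTP_X_FORWARDED_FOR=http_forwarded_for` is missing its `#{...}` interpolation, so the exception prints the literal variable name instead of the header value someone would need to investigate the mismatch. `split(',')` also keeps the whitespace in a list such as `a, b`, so `include?` can only match the first entry exactly and a legitimate request whose client IP appears later in the list would be rejected as spoofed; split on `/\s*,\s*/` or strip each element before comparing. No test accompanies the new file in this commit; one case each for matching headers, mismatched headers and only one header present would have caught the first two problems.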

0 comments on commit 9a9caf6
