Permalink
Browse files

Merge pull request #3623 from indirect/remote_ip

Remote IP fixes/cleanup
  • Loading branch information...
2 parents e0efe48 + 9c4532b commit d37e169856dbe022ce892af2f36d96b2f1f63d8e @josevalim josevalim committed Nov 13, 2011
@@ -19,7 +19,7 @@ def initialize(app, check_ip_spoofing = true, custom_proxies = nil)
@app = app
@check_ip_spoofing = check_ip_spoofing
if custom_proxies
- custom_regexp = Regexp.new(custom_proxies, "i")
+ custom_regexp = Regexp.new(custom_proxies)
@trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)
else
@trusted_proxies = TRUSTED_PROXIES
@@ -51,11 +51,11 @@ def to_s
if check_ip && !forwarded_ips.include?(client_ip)
# We don't know which came from the proxy, and which from the user
raise IpSpoofAttackError, "IP spoofing attack?!" \
- "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \
- "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"
+ "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \
+ "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}"
end
- client_ip || forwarded_ips.last || remote_addrs.last
+ client_ip || forwarded_ips.last || remote_addrs.first
end
protected
@@ -36,7 +36,7 @@ def url_for(options = {})
request = stub_request 'REMOTE_ADDR' => '1.2.3.4',
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
- assert_equal '1.2.3.4', request.remote_ip
+ assert_equal '3.4.5.6', request.remote_ip
request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
@@ -106,7 +106,7 @@ def url_for(options = {})
request = stub_request 'REMOTE_ADDR' => '67.205.106.74,172.16.0.1',
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
- assert_equal '67.205.106.74', request.remote_ip
+ assert_equal '3.4.5.6', request.remote_ip
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,67.205.106.73'
assert_equal 'unknown', request.remote_ip

0 comments on commit d37e169

Please sign in to comment.