
Make Rack::Request use our trusted proxies when filtering IP addresses

DJ Mountney requested to merge rack-request-trusted-proxies into master

What does this MR do?

This allows us to control the trusted proxies while deployed in a private network.

Are there points in the code the reviewer needs to double check?

If we want to limit what is impacted, we can do this specifically for the rack_attack request object.

Why was this MR needed?

Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.

Normally in a Rails app this is handled by the action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.

What are the relevant issue numbers?

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550

Does this MR meet the acceptance criteria?

\cc @stanhu
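
The effect described above, shown with a simplified model of proxy-aware client IP resolution. This is an added example, not code from this MR, Rack, or rack_attack; the load balancer address `10.0.0.5`, the user addresses, and the helper names `trusted?`, `client_ip` and `throttle_keys` are all assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed for illustration: loopback plus the RFC 1918 ranges, standing in
# for "trust every private address as a proxy".
ALL_PRIVATE = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |c| IPAddr.new(c) }

# Hypothetical deployment: a single load balancer is the only trusted proxy.
EXPLICIT = [IPAddr.new('10.0.0.5')].freeze

# True when +ip+ parses and falls inside one of the trusted proxy networks.
def trusted?(ip, proxies)
  addr = IPAddr.new(ip)
  proxies.any? { |net| net.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Simplified resolution: use REMOTE_ADDR unless it is a trusted proxy; otherwise
# take the right-most X-Forwarded-For entry that is not a trusted proxy, and
# fall back to REMOTE_ADDR when every entry is trusted.
def client_ip(env, proxies)
  remote = env['REMOTE_ADDR']
  return remote unless trusted?(remote, proxies)

  forwarded = env.fetch('HTTP_X_FORWARDED_FOR', '').split(',').map(&:strip).reject(&:empty?)
  forwarded.reverse.find { |ip| !trusted?(ip, proxies) } || remote
end

# Constructed requests: three internal users behind the same load balancer.
REQUESTS = %w[10.0.5.23 10.0.5.24 192.168.7.9].map do |user|
  { 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => user }
end

# Distinct keys a per-IP rate limiter would bucket these requests under.
def throttle_keys(requests, proxies)
  requests.map { |env| client_ip(env, proxies) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  puts "all private trusted: #{throttle_keys(REQUESTS, ALL_PRIVATE).inspect}"
  puts "explicit proxy list: #{throttle_keys(REQUESTS, EXPLICIT).inspect}"
end
```

With every private range trusted, all three users collapse into the load balancer's address and share one throttle bucket; with the explicit list, each user is keyed separately.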
