1. 13 Mar, 2019 1 commit
  2. 14 Dec, 2018 1 commit
  3. 03 May, 2018 1 commit
    • blackst0ne's avatar
      [Rails5] Fix trusted proxies · 2306e490
      blackst0ne authored
      There is a bug in trusted proxies: https://github.com/rails/rails/issues/5223
      This commit adds a monkey patch to fix the bug.
      
      Example of errors:
      
      ```
      1) trusted_proxies with default config preserves private IPs
          Failure/Error: expect(request.ip).to eq('10.1.5.89')
      
            expected: "10.1.5.89"
                got: nil
      
            (compared using ==)
          # ./spec/initializers/trusted_proxies_spec.rb:12:in `block (3 levels) in <top (required)>'
      
      2) trusted_proxies with default config filters out localhost
          Failure/Error: expect(request.ip).to eq('10.1.5.89')
      
            expected: "10.1.5.89"
                got: "1.1.1.1"
      
            (compared using ==)
          # ./spec/initializers/trusted_proxies_spec.rb:18:in `block (3 levels) in <top (required)>'
      ```
      2306e490
  4. 15 Aug, 2017 1 commit
  5. 23 Feb, 2017 1 commit
  6. 31 Jul, 2016 1 commit
  7. 24 Jul, 2016 1 commit
  8. 30 Jun, 2016 1 commit
    • DJ Mountney's avatar
      Make Rack::Request use our trusted proxies when filtering IP addresses · 860785f0
      DJ Mountney authored
      This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can caue problems if your users are connection on you network via private IP ranges.
      
      Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
      860785f0
  9. 28 Apr, 2016 1 commit
  10. 12 Apr, 2016 1 commit