authorSam <sam.saffron@gmail.com>2018-01-05 16:53:50 +1100
committerLars Schneider <larsxschneider@github.com>2019-02-19 19:03:36 +0100
commit1bf218818502e820192a41c4da61aa0b0b6109af (patch)
tree71aedbf4edb0d5f2b648a5a654e407a69761a8d0
parentcb1fdb600bc525258b3c34ea95f1598ee6def9c6 (diff)
Preserve forwarded IP address for trusted proxy chains
Sometimes the proxies themselves make requests to Rack applications, for example HAProxy health checks. Previously the forwarded-IP implementation discarded these IP addresses, making it hard for Rack applications to tell who made the request.
-rw-r--r--lib/rack/request.rb2
-rw-r--r--test/spec_request.rb11
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/rack/request.rb b/lib/rack/request.rb
index 6307b614..6fcf6ee9 100644
--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -261,7 +261,7 @@ module Rack
forwarded_ips = split_ip_addresses(get_header('HTTP_X_FORWARDED_FOR'))
- return reject_trusted_ip_addresses(forwarded_ips).last || get_header("REMOTE_ADDR")
+ return reject_trusted_ip_addresses(forwarded_ips).last || forwarded_ips.first || get_header("REMOTE_ADDR")
end
# The media type (type/subtype) portion of the CONTENT_TYPE header
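Review bot: The added `forwarded_ips.first` fallback returns the leftmost X-Forwarded-For entry, the position furthest from the server and the one a sender can most easily set, where this branch previously fell through to REMOTE_ADDR. It is reached only when `reject_trusted_ip_addresses` removes every entry, so the result is always an address in a trusted range. Even so, an application that compares `ip` against one specific internal address, such as a loopback-only check, would now be deciding on header content rather than on the connection's peer. I would document that above the line, for example `# Every forwarded entry is a trusted proxy: report the first hop. This value comes from the header, so do not use it for access decisions.` The method starts outside this hunk, so how REMOTE_ADDR is handled before this point is not visible here.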
diff --git a/test/spec_request.rb b/test/spec_request.rb
index cfaedbcf..6ed27ced 100644
--- a/test/spec_request.rb
+++ b/test/spec_request.rb
@@ -1286,7 +1286,16 @@ EOF
res.body.must_equal '2.2.2.3'
end
- it "regard local addresses as proxies" do
+ it "preserves ip for trusted proxy chain" do
+ mock = Rack::MockRequest.new(Rack::Lint.new(ip_app))
+ res = mock.get '/',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.11, 192.168.0.7',
+ 'HTTP_CLIENT_IP' => '127.0.0.1'
+ res.body.must_equal '192.168.0.11'
+
+ end
+
+ it "regards local addresses as proxies" do
req = make_request(Rack::MockRequest.env_for("/"))
req.trusted_proxy?('127.0.0.1').must_equal 0
req.trusted_proxy?('10.0.0.1').must_equal 0
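Review bot: The new example "preserves ip for trusted proxy chain" sets `'HTTP_CLIENT_IP' => '127.0.0.1'` without saying what that header contributes to the assertion, and it leaves a stray blank line before its `end`. If the header is meant to show that a trusted Client-IP value does not override the forwarded chain, a comment such as `# Client-IP is itself a trusted address and must not win over the forwarded chain` would make that explicit; otherwise dropping it keeps the example focused on X-Forwarded-For. A companion example whose X-Forwarded-For list ends in an untrusted address would also pin down that the new fallback applies only when every entry is trusted.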