/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/ip_spoofing.rb

https://github.com/delowong/logstash · Ruby · 23 lines · 15 code · 2 blank · 6 comment · 2 complexity · 9e55edf0dbbc1f64647668947186796b MD5 · raw file

  1. require 'rack/protection'
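  module Rack
    module Protection
      ##
      # Prevented attack::   IP spoofing
      # Supported browsers:: all
      # More infos::         http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/
      #
      # Detect (some) IP spoofing attacks.
      #
      # This is a consistency check between request headers, not a way to
      # establish the real client address. It only compares the values of
      # X-Forwarded-For, Client-IP and X-Real-IP as they appear in the Rack
      # env. A request without X-Forwarded-For, or with mutually consistent
      # values in all three headers, is accepted. Unless a trusted front-end
      # proxy overwrites or strips these headers, they are all supplied by
      # the client, so do not treat a passing request as having a verified IP.
      class IPSpoofing < Base
        default_reaction :deny

        # Headers whose value, when present, must appear in X-Forwarded-For.
        CLAIMED_IP_HEADERS = %w[HTTP_CLIENT_IP HTTP_X_REAL_IP].freeze

        # Decide whether the forwarding headers of a request agree.
        #
        # @param env [Hash] the Rack environment of the request
        # @return [Boolean] true when X-Forwarded-For is absent, or when every
        #   present Client-IP / X-Real-IP value is listed in X-Forwarded-For;
        #   false otherwise
        def accepts?(env)
          return true unless env.include? 'HTTP_X_FORWARDED_FOR'

          # Plain split plus strip instead of split(/\s*,\s*/): whitespace at
          # the very start or end of the header no longer stays attached to
          # the first/last entry (which caused a false mismatch), and a long
          # run of whitespace in this client-controlled header cannot trigger
          # regexp backtracking.
          ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)

          # Comparison is an exact string match; differently formatted but
          # equivalent addresses (e.g. IPv6 spellings) count as a mismatch.
          CLAIMED_IP_HEADERS.none? do |header|
            env.include?(header) && !ips.include?(env[header])
          end
        end
      end
    end
  end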