/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/ip_spoofing.rb
Ruby | 23 lines | 15 code | 2 blank | 6 comment | 2 complexity | 9e55edf0dbbc1f64647668947186796b MD5 | raw file
1require 'rack/protection' 2 3module Rack 4 module Protection 5 ## 6 # Prevented attack:: IP spoofing 7 # Supported browsers:: all 8 # More infos:: http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/ 9 # 10 # Detect (some) IP spoofing attacks. 11 class IPSpoofing < Base 12 default_reaction :deny 13 14 def accepts?(env) 15 return true unless env.include? 'HTTP_X_FORWARDED_FOR' 16 ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/) 17 return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP'] 18 return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP'] 19 true 20 end 21 end 22 end 23end