123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 |
- module ActionDispatch
- class RemoteIp
- module GetIpExtensions
- def calculate_ip
-
- remote_addr = ips_from(@req.remote_addr).last
-
- client_ips = ips_from(@req.client_ip).reverse!
- forwarded_ips = ips_from(@req.x_forwarded_for).reverse!
-
-
-
-
-
-
-
-
-
-
-
-
-
- should_check_ip = @check_ip && client_ips.last && forwarded_ips.last
- if should_check_ip && !forwarded_ips.include?(client_ips.last)
-
- raise IpSpoofAttackError, "IP spoofing attack?! " \
- "HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
- "HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
- end
-
- if @check_ip && (forwarded_ips.last || client_ips.last) && !@proxies.any? { |proxy| proxy === remote_addr }
- raise IpSpoofAttackError, "IP spoofing attack?! client #{remote_addr} is not a trusted proxy " \
- "HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
- "HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
- end
-
-
-
-
-
- ips = forwarded_ips + client_ips
- ips.compact!
-
-
- filter_proxies([remote_addr] + ips).first || ips.last || remote_addr
- end
- end
- end
- end
- ActionDispatch::RemoteIp::GetIp.prepend(ActionDispatch::RemoteIp::GetIpExtensions)
|