Skip to content

Handle request.untrusted_ip address which reads from the HTTP_X_ORIG_FORWARDED_FOR header. This header is the original HTTP_X_FORWARDED_FOR header that is sent to our servers which we don't want to necessarily trust.

Notifications You must be signed in to change notification settings

avvo/action_dispatch-untrusted_ip

Repository files navigation

ActionDispatch::UntrustedIp

This gem tries to centralize handling of untrusted HTTP_X_FORWARDED_FOR headers. If a user is using an external proxy that sets an HTTP_X_FORWARDED_FOR header, we will normally reject it at our load balancer. Instead, we pass this value to our applications as HTTP_X_ORIG_FORWARDED_FOR and let our applications decide what to do with it. This gem provides a simple accessor on the ActionDispatch::Request object.

Tested Ruby Versions

Version Result
2.6.6 ✔️
2.5.8 ✔️
2.4.10 ✔️
2.3.8 ✔️
2.2.10 ✔️

Installation

Add this line to your application's Gemfile:

gem 'action_dispatch-untrusted_ip'

And then execute:

$ bundle

Or install it yourself as:

$ gem install action_dispatch-untrusted_ip

Usage

This gem adds additional functionality to the ActionDispatch::Request object.

request.untrusted_ip

Contributing

Bug reports and pull requests are welcome on GitLab at https://github.com/avvo/action_dispatch-untrusted_ip.

About

Handle request.untrusted_ip address which reads from the HTTP_X_ORIG_FORWARDED_FOR header. This header is the original HTTP_X_FORWARDED_FOR header that is sent to our servers which we don't want to necessarily trust.

Resources

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •