Skip to content
/ action_dispatch-untrusted_ip Public

Handle request.untrusted_ip address which reads from the HTTP_X_ORIG_FORWARDED_FOR header. This header is the original HTTP_X_FORWARDED_FOR header that is sent to our servers which we don't want to necessarily trust.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avvo/action_dispatch-untrusted_ip

BranchesTags

Repository files navigation

ActionDispatch::UntrustedIp

This gem tries to centralize handling of untrusted HTTP_X_FORWARDED_FOR headers. If a user is using an external proxy that sets an HTTP_X_FORWARDED_FOR header, we will normally reject it at our load balancer. Instead, we pass this value to our applications as HTTP_X_ORIG_FORWARDED_FOR and let our applications decide what to do with it. This gem provides a simple accessor on the ActionDispatch::Request object.

Tested Ruby Versions

Version Result
2.6.6 ✔️
2.5.8 ✔️
2.4.10 ✔️
2.3.8 ✔️
2.2.10 ✔️

Installation

Add this line to your application's Gemfile:

gem 'action_dispatch-untrusted_ip'

And then execute:

$ bundle

Or install it yourself as:

$ gem install action_dispatch-untrusted_ip

Usage

This gem adds additional functionality to the ActionDispatch::Request object.

request.untrusted_ip

Contributing

Bug reports and pull requests are welcome on GitLab at https://github.com/avvo/action_dispatch-untrusted_ip.

About

Handle request.untrusted_ip address which reads from the HTTP_X_ORIG_FORWARDED_FOR header. This header is the original HTTP_X_FORWARDED_FOR header that is sent to our servers which we don't want to necessarily trust.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

40 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages