cloudflare-rails 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/Appraisals +4 -0
- data/README.md +4 -6
- data/cloudflare-rails.gemspec +3 -3
- data/gemfiles/rails_6.1.gemfile +7 -0
- data/lib/cloudflare/rails/version.rb +1 -1
- metadata +9 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6060b63792255ed6aebab33986d27092b1866052db8fcf496942692f1c51508d
|
4
|
+
data.tar.gz: 40d72f9bfefac5cf2f64c681d8833efb807ce20b314cd0433e9e07c03917b7ae
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a0ac66d56d0a62957c73b564e9bc5586bb9328e146598e2b342de74bcd75e1a24541ae4b22fbd17f502a5a9a40c57a0e07bcd3b348950843d17b9cee0cc8d59
|
7
|
+
data.tar.gz: f175720c6f4f109a3ea1bc34c1e62bf1661a60df5e83c132e3677b078c6064359ca0c5afd98c26b8962e38c5692c876094146e1de586e8461ba1dc7c25854a11
|
data/Appraisals
CHANGED
data/README.md
CHANGED
@@ -3,9 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
|
|
3
3
|
|
4
4
|
## Rails Compatibility
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
For Rails 4.2, use `0.1.x`
|
6
|
+
This gem requires Rails >= 5. The last version that supports Rails 4.2 is `0.1.x`.
|
9
7
|
|
10
8
|
## Installation
|
11
9
|
|
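Review bot: The added compatibility line "This gem requires Rails >= 5." states only the lower bound, while the gemspec in this same release constrains the runtime dependency to `"rails", ">= 5.0", "< 6.2.0"`. State the supported range in the README, or point readers to the gemspec, so that someone on a newer Rails is not surprised by a resolver failure.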
@@ -25,12 +23,12 @@ And then execute:
|
|
25
23
|
|
26
24
|
## Problem
|
27
25
|
|
28
|
-
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
26
|
+
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
29
27
|
|
30
28
|
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
|
31
29
|
|
32
30
|
## Usage
|
33
|
-
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
31
|
+
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
34
32
|
|
35
33
|
You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
|
36
34
|
```ruby
|
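Review bot: The Usage paragraph says the IPv4 and IPv6 lists are fetched over HTTP and stored in `Rails.cache`, with a configurable `timeout` and `expires_in`, but it never says what happens when that fetch fails or times out. Because this list decides which peers have their `X-Forwarded-For` header trusted, the README should document the fallback: whether the header is then ignored for every peer, or whether a stale or bundled list is used. Two smaller points: the unchanged line under Problem reads "any incoming connecting" where "any incoming connection" is meant, and the removed and added lines for the Problem and Usage paragraphs read identically as rendered here, so please confirm these are whitespace-only changes.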
@@ -40,7 +38,7 @@ config.cloudflare.timeout = 5.seconds # default value
|
|
40
38
|
|
41
39
|
## Alternatives
|
42
40
|
|
43
|
-
[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.
|
41
|
+
[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.
|
44
42
|
|
45
43
|
## Development
|
46
44
|
|
data/cloudflare-rails.gemspec
CHANGED
@@ -24,15 +24,15 @@ Gem::Specification.new do |spec|
|
|
24
24
|
spec.add_development_dependency "rake", "~> 13.0.1"
|
25
25
|
spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
|
26
26
|
spec.add_development_dependency "rspec-rails", "~> 4.0.0"
|
27
|
-
spec.add_development_dependency "rspec", "~> 3.
|
27
|
+
spec.add_development_dependency "rspec", "~> 3.10.0"
|
28
28
|
spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
|
29
|
-
spec.add_development_dependency "webmock", "~> 3.
|
29
|
+
spec.add_development_dependency "webmock", "~> 3.10.0"
|
30
30
|
spec.add_development_dependency "rack-attack", "~> 6.3.0"
|
31
31
|
spec.add_development_dependency "pry-byebug"
|
32
32
|
spec.add_development_dependency "appraisal"
|
33
33
|
|
34
34
|
spec.add_dependency "httparty"
|
35
|
-
spec.add_dependency "rails", ">= 5.0", "< 6.
|
35
|
+
spec.add_dependency "rails", ">= 5.0", "< 6.2.0"
|
36
36
|
|
37
37
|
# we need Module#prepend
|
38
38
|
spec.required_ruby_version = '>= 2.0'
|
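Review bot: `spec.add_dependency "httparty"` in the context lines is left without any version constraint, while this hunk bounds the other runtime dependency to `"rails", ">= 5.0", "< 6.2.0"`. httparty is the only other runtime dependency listed here, so give it at least a lower bound, and preferably an upper one, so that a new major release is not picked up silently. Separately, `spec.required_ruby_version = '>= 2.0'` is looser than the rails constraint allows, since Rails 5.0 itself requires Ruby 2.2.2 or newer. Raising it to match would make the declared floor accurate.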
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cloudflare-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jonathan schatz
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09
|
11
|
+
date: 2020-12-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
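Review bot: `cert_chain: []` in the context lines shows this release is still published unsigned, so an install under a strict RubyGems trust policy such as `gem install -P HighSecurity` will reject it. If consumers are expected to verify the package, sign the release or document in the README how to check it. Nothing else in this hunk needs changing beyond the version and date bump.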
@@ -72,14 +72,14 @@ dependencies:
|
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: 3.
|
75
|
+
version: 3.10.0
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: 3.
|
82
|
+
version: 3.10.0
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: rubocop-airbnb
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 3.
|
103
|
+
version: 3.10.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 3.
|
110
|
+
version: 3.10.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rack-attack
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -173,7 +173,7 @@ dependencies:
|
|
173
173
|
version: '5.0'
|
174
174
|
- - "<"
|
175
175
|
- !ruby/object:Gem::Version
|
176
|
-
version: 6.
|
176
|
+
version: 6.2.0
|
177
177
|
type: :runtime
|
178
178
|
prerelease: false
|
179
179
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -183,7 +183,7 @@ dependencies:
|
|
183
183
|
version: '5.0'
|
184
184
|
- - "<"
|
185
185
|
- !ruby/object:Gem::Version
|
186
|
-
version: 6.
|
186
|
+
version: 6.2.0
|
187
187
|
description: ''
|
188
188
|
email:
|
189
189
|
- modosc@users.noreply.github.com
|
@@ -213,6 +213,7 @@ files:
|
|
213
213
|
- gemfiles/rails_5.1.gemfile
|
214
214
|
- gemfiles/rails_5.2.gemfile
|
215
215
|
- gemfiles/rails_6.0.gemfile
|
216
|
+
- gemfiles/rails_6.1.gemfile
|
216
217
|
- lib/cloudflare/rails.rb
|
217
218
|
- lib/cloudflare/rails/railtie.rb
|
218
219
|
- lib/cloudflare/rails/version.rb
|