ipaccess 1.2.2 → 1.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b6d8d6f3a6fb60cff951294e480196549e9da563
-  data.tar.gz: 38c2a1f94f3dc943e06f0d9ceb796e4742aefccf
+  metadata.gz: 5c067da1cc87d038d6403e92656123c4423ccf83
+  data.tar.gz: de98f452bb6a6e9b316a7f6bed1844419ea171ce
 SHA512:
-  metadata.gz: 3f21cba65126bc0b99359b626cf271687f371bb63694af255c29af018be75c39f51078c1347e416c6be9aa80069e6a8e1ab4291e688427b766430d4214867de8
-  data.tar.gz: a01d3fcdc90cc583e4af458da0ceb85f3a9241cb411ef7f9eddc3a4fe45123c2755627c0456e2731a5284dfcb3e5a162bc0b3b8db894ffcd988beeef4b24883e
+  metadata.gz: 6b2c28324a897856ebbc67bb807d716f65e6d8e0a49ff3715b05635948c75699d29e0b797a60c4e40eed8912f23820a73c1a858720107cd5483cb2b932e5a080
+  data.tar.gz: 5d78bfe1b8491064c952bfb04f9fc566c62549c5370ab7c6d91a06a25913b71a7dec474b07640ae8d45cf232df5a8b765844b1cacd730b8e8eebb49a9ff3daf6

data/ChangeLog

@@ -1,3 +1,63 @@
+commit 32b176f52c9a7aa3caf2375215c4ffa6030d5c45
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:35:07 2013 +0100
+
+    Gemspec regenerated
+
+commit bfe69f65bb505335b02cc6362096e10c263d3a8b
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:34:34 2013 +0100
+
+    Image links in documentation changed to remote GitHub assets
+
+commit 8f6b9754d2a95558cc2a32f4c2dd0b4d82be7a8a
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:28:53 2013 +0100
+
+    Version bump
+
+commit f349435979ef92105fd559ca4f40078bb1919c67
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:28:40 2013 +0100
+
+    Open-uri example updated
+
+commit 46e0836b6dc9a7dc12095ada8be7856352b88cba
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:28:29 2013 +0100
+
+    Net::HTTP#connect wrapped in IPAccess::Patches::Net::HTTP
+
+commit 27b0545884c616d141220c5817837fb3359911f5
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 03:02:20 2013 +0100
+
+    Open-uri example simplified
+
+commit abcfd75caed6c0768b9ed01803633577855f9400
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Thu Dec 26 02:58:34 2013 +0100
+
+    Required Ruby version is now 1.9.2
+
+commit cb4774148d7e1e16f9162589c39525bc13113708
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Tue Dec 24 15:00:44 2013 +0100
+
+    Readme updated
+
+commit d026e34e862153c93e69562e72ef6bd2ab6434b9
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Tue Dec 24 14:50:20 2013 +0100
+
+    Added Badge to Readme
+
+commit 7f969e0bd5c6170d356f74427377c0f0254d389f
+Author: Paweł Wilk <siefca@gnu.org>
+Date:   Tue Dec 24 14:46:28 2013 +0100
+
+    Readme updated
+
 commit 1583d574540f53806e2e77ae0e6d336307b3fc60
 Author: Paweł Wilk <siefca@gnu.org>
 Date:   Tue Dec 24 14:43:08 2013 +0100

data/README.md

@@ -1,9 +1,12 @@
 # IP Access Control for Ruby
 
+[![Gem Version](https://badge.fury.io/rb/ipaccess.png)](http://badge.fury.io/rb/ipaccess)
+
 **ipaccess version `1.2`** (`Mortal Compat`)
 
 * https://rubygems.org/gems/ipaccess
 * https://github.com/siefca/ipaccess
+* http://rubydoc.info/gems/ipaccess/
 * pw@gnu.org
 
 ## Description
@@ -17,8 +20,8 @@ shipped with this library.
 ## Features
 
 * Maintaining IP access lists based on rules; see [IPAccess::List](http://rubydoc.info/gems/ipaccess/IPAccess/List).
-* Grouping input/output access lists into sets; [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set).
-* Automating access checks and raising exceptions; [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set#check_in).
+* Grouping input/output access lists into sets; see [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set).
+* Automating access checks and raising exceptions; see [IPAccess::Set](http://rubydoc.info/gems/ipaccess/IPAccess/Set#check_in).
 * Many formats of IP addresses accepted; see [IPAccess.to_cidrs](http://rubydoc.info/gems/ipaccess/IPAccess#to_cidrs-class_method).
 * Variants of socket handling classes with IP access control; see [IPAccess::Socket](http://rubydoc.info/gems/ipaccess/IPAccess/Socket) and [IPAccess::Net](http://rubydoc.info/gems/ipaccess/IPAccess/Net).
 * Methods for patching native socket handling classes; see [IPAccess.arm](http://rubydoc.info/gems/ipaccess/IPAccess#arm-class_method).
@@ -40,20 +43,40 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
 
 ## Synopsis
 
-	# load patched sockets
-	require 'ipaccess/socket'
+Total control:
+
+```ruby
+require 'ipaccess/net/http'
+require 'open-uri'
+
+# Add host's IP by to black list of global output access set
+IPAccess::Set::Global.output.blacklist 'example.org'
+
+# Arm all future sockets used by Net::HTTP
+IPAccess.arm Net::HTTP
+
+# Open URI
+open 'http://example.org/'
+```
+
+Access management for specific socket objects:
+
+```ruby
+# load patched sockets
+require 'ipaccess/socket'
+
+# assume IP given by untrusted user
+ip_from_user = '192.168.5.5'
+
+# create new access set
+acl = IPAccess::Set.new
 
-	# assume IP given by untrusted user
-	ip_from_user = '192.168.5.5'
+# blacklist private and local subnets
+acl.output.block :private, :local
 
-	# create new access set
-	acl = IPAccess::Set.new
-	
-	# blacklist private and local subnets
-	acl.output.block :private, :local
-	
-	# create TCP socket with IP access control
-	socket = IPAccess::TCPSocket(ip_from_user, 80, acl)
+# create TCP socket with IP access control
+socket = IPAccess::TCPSocket(ip_from_user, 80, acl)
+```
 
 ## Requirements
 
@@ -78,7 +101,7 @@ classes that use IPAccess::Set instances to control access of the real TCP/IP tr
 
 ## More information
 
-See IPAccess module's documentation for more information.
+See IPAccess module's [documentation](http://rubydoc.info/gems/ipaccess/) for more information.
 
 ## License
 

data/Rakefile

@@ -30,7 +30,7 @@ Hoe.plugin :gemspec
 
 Hoe.spec 'ipaccess' do
   developer           "Paweł Wilk", "pw@gnu.org"
-  self.version         =  "1.2.2"
+  self.version         =  "1.2.3"
   self.rubyforge_name  = 'ipaccess'
   self.summary         = 'IP Access Control for Ruby'
   self.description     = 'This library allows you to control IP access for sockets and other objects'
@@ -41,6 +41,8 @@ Hoe.spec 'ipaccess' do
   self.readme_file     = 'README.md'
   self.history_file    = 'docs/HISTORY'
 
+  require_ruby_version '>= 1.9.2'
+
   extra_deps          << ["netaddr",">= 1.5.0"]
   extra_dev_deps      << ['rspec',            '>= 2.6.0']     <<
                          ['yard',             '>= 0.8.2']     <<

data/examples/open-uri.rb

@@ -1,14 +1,23 @@
 $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
 
+require 'net/http'
 require 'ipaccess/net/http'
 require 'open-uri'
-require 'uri'
 
 # Add host's IP by to black list of global output access set
-IPAccess::Set::Global.output.blacklist 'example.org'
+IPAccess::Set::Global.output.blacklist :unusual
 
 # Arm sockets
 IPAccess.arm Net::HTTP
 
+# Set some defaults
+Net::HTTP.ipaccess_defaults = {
+  :check_only_real => true,
+  :opened_on_deny  => true
+}
+
+# Show blacklisted IP addresses
+puts IPAccess::Set::Global.output.show
+
 # Open URI
-open 'http://example.org/'
+open 'http://localhost/'

data/ipaccess.gemspec

@@ -1,21 +1,22 @@
 # -*- encoding: utf-8 -*-
-# stub: ipaccess 1.2.0.20131223130056 ruby lib
+# stub: ipaccess 1.2.3.20131226033445 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "ipaccess"
-  s.version = "1.2.0.20131223130056"
+  s.version = "1.2.3.20131226033445"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Pawe\u{142} Wilk"]
   s.cert_chain = ["/Users/siefca/.gem/gem-public_cert.pem"]
-  s.date = "2013-12-23"
+  s.date = "2013-12-26"
   s.description = "This library allows you to control IP access for sockets and other objects"
   s.email = ["pw@gnu.org"]
-  s.extra_rdoc_files = ["Manifest.txt"]
-  s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "examples/ftp.rb", "examples/http.rb", "examples/imap.rb", "examples/pop.rb", "examples/smtp.rb", "examples/tcp_server.rb", "examples/tcp_socket.rb", "examples/telnet.rb", "examples/text_message.rb", "lib/ipaccess.rb", "lib/ipaccess/arm_sockets.rb", "lib/ipaccess/ghost_doc/ghost_doc.rb", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_http.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_blacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unblacklist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_unwhitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist.rb", "lib/ipaccess/ghost_doc/ghost_doc_p_whitelist_e.rb", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rb", "lib/ipaccess/ghost_doc/ghost_doc_sockets.rb", "lib/ipaccess/ip_access_check.rb", "lib/ipaccess/ip_access_errors.rb", "lib/ipaccess/ip_access_list.rb", "lib/ipaccess/ip_access_set.rb", "lib/ipaccess/net/ftp.rb", "lib/ipaccess/net/http.rb", "lib/ipaccess/net/https.rb", "lib/ipaccess/net/imap.rb", "lib/ipaccess/net/pop.rb", "lib/ipaccess/net/smtp.rb", "lib/ipaccess/net/telnet.rb", "lib/ipaccess/patches/generic.rb", "lib/ipaccess/patches/net_ftp.rb", "lib/ipaccess/patches/net_http.rb", "lib/ipaccess/patches/net_https.rb", "lib/ipaccess/patches/net_imap.rb", "lib/ipaccess/patches/net_pop.rb", "lib/ipaccess/patches/net_smtp.rb", "lib/ipaccess/patches/net_telnet.rb", "lib/ipaccess/patches/netaddr.rb", "lib/ipaccess/patches/sockets.rb", "lib/ipaccess/socket.rb", "lib/ipaccess/sockets.rb", "spec/ip_access_list_spec.rb", "spec/rcov.opts", "spec/spec.opts", ".gemtest"]
+  s.extra_rdoc_files = ["Manifest.txt", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc"]
+  s.files = [".rspec", ".yardopts", "ChangeLog", "LGPL-LICENSE", "Manifest.txt", "README.md", "Rakefile", "docs/COPYING", "docs/FAQ", "docs/HISTORY", "docs/LEGAL", "docs/LGPL", "docs/TODO", "docs/images/ipaccess.png", "docs/images/ipaccess_ac_for_args.png", "docs/images/ipaccess_ac_for_socket.png", "docs/images/ipaccess_logo.png", "docs/images/ipaccess_relations.png", "docs/images/ipaccess_setup_origin.png", "docs/images/ipaccess_setup_origin_tab.png", "docs/images/ipaccess_view.png", "docs/rdoc.css", "docs/yard-tpl/default/fulldoc/html/css/common.css", "examples/ftp.rb", "examples/http.rb", "examples/imap.rb", "examples/open-uri.rb", "examples/pop.rb", "examples/smtp.rb", "examples/tcp_server.rb", "examples/tcp_socket.rb", "examples/telnet.rb", "examples/text_message.rb", "ipaccess.gemspec", "lib/ipaccess.rb", "lib/ipaccess/arm_sockets.rb", "lib/ipaccess/core.rb", "lib/ipaccess/ghost_doc/ghost_doc.rb", "lib/ipaccess/ghost_doc/ghost_doc_acl.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_net_ftp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_http.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_smtp.rb", "lib/ipaccess/ghost_doc/ghost_doc_net_telnet.rb", "lib/ipaccess/ghost_doc/ghost_doc_patched_usage.rdoc", "lib/ipaccess/ghost_doc/ghost_doc_sockets.rb", "lib/ipaccess/ip_access_check.rb", "lib/ipaccess/ip_access_errors.rb", "lib/ipaccess/ip_access_list.rb", "lib/ipaccess/ip_access_set.rb", "lib/ipaccess/net/ftp.rb", "lib/ipaccess/net/http.rb", "lib/ipaccess/net/https.rb", "lib/ipaccess/net/imap.rb", "lib/ipaccess/net/pop.rb", "lib/ipaccess/net/smtp.rb", "lib/ipaccess/net/telnet.rb", "lib/ipaccess/patches/generic.rb", "lib/ipaccess/patches/net_ftp.rb", "lib/ipaccess/patches/net_http.rb", "lib/ipaccess/patches/net_https.rb", "lib/ipaccess/patches/net_imap.rb", "lib/ipaccess/patches/net_pop.rb", "lib/ipaccess/patches/net_smtp.rb", "lib/ipaccess/patches/net_telnet.rb", "lib/ipaccess/patches/netaddr.rb", "lib/ipaccess/patches/sockets.rb", "lib/ipaccess/socket.rb", "lib/ipaccess/sockets.rb", "spec/ip_access_list_spec.rb", "spec/rcov.opts", "spec/spec.opts", ".gemtest"]
   s.homepage = "https://rubygems.org/gems/ipaccess"
   s.rdoc_options = ["--title", "Ipaccess Documentation", "--quiet"]
   s.require_paths = ["lib"]
+  s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
   s.rubyforge_project = "ipaccess"
   s.rubygems_version = "2.1.11"
   s.signing_key = "/Users/siefca/.gem/gem-private_key.pem"

data/lib/ipaccess/core.rb

@@ -99,7 +99,7 @@ require 'ipaccess/ip_access_set'
 # To properly understand what are the most important structures mentioned above it's worth
 # to look at the diagram:
 # 
-# link:images/ipaccess_view.png
+# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_view.png
 #  
 # == Usage
 # 
@@ -175,7 +175,7 @@ require 'ipaccess/ip_access_set'
 # between the IPAccess::TCPSocket class
 # and other classes from this module:
 # 
-# link:images/ipaccess_relations.png
+# link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_relations.png
 
 module IPAccess
 

data/lib/ipaccess/ghost_doc/ghost_doc_net_http.rb

@@ -228,19 +228,26 @@ class IPAccess::Net::HTTP
   def acl_recheck
     # Real code hidden.
   end
-  
-  # :call-seq:
-  #   new(address)<br />
-  #   new(address, acl) <br />
-  #   new(address, port, acl)
-  # 
+
   # Creates a new object for the specified address.
   # This method does not open the TCP connection.
   # It optionally sets an access set given as the
   # last parameter. If parameter is not given it
   # sets ACL to IPAccess::Set.Global.
-  
-  def initialize
+  # 
+  # Flags are symbols that control behavior of IPAccess:
+  # 
+  #   * +:opened_on_deny+ causes blocking method to leave a socket open when access is denied and a socket was re-checked
+  #   * +:check_only_proxy+ causes access checks to be applied only to a proxy server address if a proxy is in use
+  #   * +:check_only_real+ causes access check to be applied only to a destination address (and not to proxy server) if a proxy is in use
+  # 
+  # @overload new(address)
+  # @overload new(address, acl)
+  # @overload new(address, port, acl)
+  # @overload new(address, acl, *flags)
+  # @overload new(address, port, acl, *flags)
+
+  def initialize(address)
     # Real code hidden.
   end
 

data/lib/ipaccess/ip_access_check.rb

@@ -247,13 +247,13 @@ module IPAccess
     # how it works you may
     # look at the workflow diagram:
     # 
-    # link:images/ipaccess_setup_origin.png
+    # link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_setup_origin.png
     #
     # To predict the logic in an easy way
     # you may also find the input/output states
     # table useful:
     # 
-    # link:images/ipaccess_setup_origin_tab.png
+    # link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_setup_origin_tab.png
     #
     # After calling this method you may find
     # a reference to two original objects.
@@ -382,7 +382,7 @@ module IPAccess
     # In order to understand this method's logic
     # properly you may look at the diagram:
     # 
-    # link:images/ipaccess_ac_for_args.png
+    # link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_ac_for_args.png
     
     def check(*addresses) # :yields: address, rule, list, addresses, originator
       return addresses if self.empty?
@@ -411,7 +411,7 @@ module IPAccess
     # In order to understand this method's logic
     # properly you may look at the diagram:
     # 
-    # link:images/ipaccess_ac_for_socket.png
+    # link:https://raw.github.com/siefca/IPAccess/master/docs/images/ipaccess_ac_for_socket.png
     
     def check_socket(socket, originator=nil) # :yields: address, rule, list, socket, originator
       if (self.empty? || !socket.respond_to?(:getpeername))

data/lib/ipaccess/patches/net_http.rb

@@ -33,15 +33,17 @@ require 'ipaccess/patches/sockets'
 # :stopdoc:
 
 module IPAccess::Patches::Net
-  
+
   ###################################################################
   # Net::HTTP class with IP access control.
   # It uses output access lists.
-  
+
   module HTTP
 
     include IPAccess::Patches::ACL
 
+    IPAC_KNOWN_FLAGS = [:opened_on_deny, :check_only_proxy, :check_only_real].freeze
+
     def self.included(base)
 
       marker = (base.name =~ /IPAccess/) ? base.superclass : base
@@ -49,7 +51,7 @@ module IPAccess::Patches::Net
       base.instance_variable_set(:@uses_ipaccess, true)
 
       base.class_eval do
-        
+
         # CLASS METHODS
         unless (base.name.nil? && base.class.name == "Class")
           (class << self; self; end).class_eval do
@@ -58,24 +60,28 @@ module IPAccess::Patches::Net
 
             # overload HTTP.new() since it's not usual.
         	  define_method :new do |address, *args|
-        	    late_opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
+              passed_flags = {}
+        	    args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags[x] = true }
         	    args.pop if args.last.nil?
               late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
               obj = __ipac__orig_new(address, *args)
               obj.acl = late_acl unless obj.acl == late_acl
-              obj.opened_on_deny = late_opened_on_deny
+              obj.opened_on_deny   = passed_flags.fetch(:opened_on_deny,    ipaccess_defaults.fetch(:opened_on_deny, false)   )
+              obj.check_only_proxy = passed_flags.fetch(:check_only_proxy,  ipaccess_defaults.fetch(:check_only_proxy, false) )
+              obj.check_only_real  = passed_flags.fetch(:check_only_real,   ipaccess_defaults.fetch(:check_only_real, false)  )
               return obj
             end
-            
+
             # overwrite HTTP.start()
             define_method :__ipacall__start do |block, address, *args|
-              late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
+              passed_flags = []
+              args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags << x }
               args.pop if args.last.nil?
               acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
               port, p_addr, p_port, p_user, p_pass = *args
-              new(address, port, p_addr, p_port, p_user, p_pass, acl, late_on_deny).start(&block)
+              new(address, port, p_addr, p_port, p_user, p_pass, acl, *passed_flags).start(&block)
             end
-            
+
             # block passing wrapper for Ruby 1.8
             def start(*args, &block)
               __ipacall__start(block, *args)
@@ -83,56 +89,81 @@ module IPAccess::Patches::Net
 
             # overwrite HTTP.get_response()
         	  define_method :__ipacall__get_response do |block, uri_or_host, *args|
-        	    late_on_deny = ( !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny } ? :opened_on_deny : nil )
+        	    passed_flags = []
+              args.reject! { |x| x.is_a?(Symbol) && IPAC_KNOWN_FLAGS.include?(x) && passed_flags << x }
         	    args.pop if args.last.nil?
         	    late_acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
         	    path, port = *args
         	    if path
                 host = uri_or_host
-                new(host, (port || Net::HTTP.default_port), late_acl, late_on_deny).start { |http|
+                new(host, (port || Net::HTTP.default_port), late_acl, *passed_flags).start { |http|
                   return http.request_get(path, &block)
                 }
               else
                 uri = uri_or_host
-                new(uri.host, uri.port, late_acl, late_on_deny).start { |http|
+                new(uri.host, uri.port, late_acl, *passed_flags).start { |http|
                   return http.request_get(uri.request_uri, &block)
                 }
               end
             end
-            
+
             # block passing wrapper for Ruby 1.8
             def get_response(*args, &block)
               __ipacall__get_response(block, *args)
             end
-            
+
+            # this allows to initialize defaults
+            def ipaccess_defaults
+              @ipaccess_defaults ||= {
+                :opened_on_deny   => false,
+                :check_only_proxy => false,
+                :check_only_real  => false
+              }
+            end
+
+            # this allows to set defaults
+            def ipaccess_defaults=(vals)
+              ipaccess_defaults.merge!(vals)
+            end
+
       	  end
-      	
+
     	  end # class methods
-        
+
+        attr_accessor :check_only_proxy, :check_only_real
+
         orig_initialize       = self.instance_method :initialize
         orig_conn_address     = self.instance_method :conn_address
         orig_on_connect       = self.instance_method :on_connect
-        
+        orig_connect          = self.instance_method :connect
+
         # initialize on steroids.
         define_method  :__ipacall__initialize do |block, *args|
-          @opened_on_deny = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny }
+          @opened_on_deny     = !!args.reject! { |x| x.is_a?(Symbol) && x == :opened_on_deny   }
+          @check_only_proxy   = !!args.reject! { |x| x.is_a?(Symbol) && x == :check_only_proxy }
+          @check_only_real    = !!args.reject! { |x| x.is_a?(Symbol) && x == :check_only_real  }
+          if self.class.respond_to?(:ipaccess_defaults)
+            @opened_on_deny   ||= self.class.ipaccess_defaults.fetch(:opened_on_deny,   false)
+            @check_only_proxy ||= self.class.ipaccess_defaults.fetch(:check_only_proxy, false)
+            @check_only_real  ||= self.class.ipaccess_defaults.fetch(:check_only_real,  false)
+          end
           args.pop if args.last.nil?
           self.acl = IPAccess.valid_acl?(args.last) ? args.pop : :global
           orig_initialize.bind(self).call(*args, &block)
         end
-        
+
         # block passing wrapper for Ruby 1.8
         def initialize(*args, &block)
           __ipacall__initialize(block, *args)
         end
-                
+
         # on_connect on steroids.
         define_method :on_connect do
-          acl_recheck # check address form socket to be sure
+          acl_recheck # check address from socket to be sure
           orig_on_connect.bind(self).call
         end
         private :on_connect
-        
+
         # conn_address on steroids.
         define_method :conn_address do
           addr = orig_conn_address.bind(self).call
@@ -141,31 +172,43 @@ module IPAccess::Patches::Net
           return ipaddr
         end
         private :conn_address
-        
+
+        # connect on steroids.
+        define_method :connect do
+          if proxy? && !check_only_real
+            ipaddr = ::TCPSocket.getaddress(proxy_address)
+            real_acl.output.check_ipstring(ipaddr, self)
+            return orig_connect.bind(self).call if check_only_proxy
+          end
+          ipaddr = ::TCPSocket.getaddress(address)
+          real_acl.output.check_ipstring(ipaddr, self)
+          orig_connect.bind(self).call
+        end
+        private :connect
+
         # This method returns default access list indicator
         # used by protected object; in this case it's +:output+.
         define_method :default_list do
           :output
         end
-        
+
         # this hook will be called each time @acl is reassigned
         define_method :acl_recheck do
           try_arm_and_check_socket @socket
           nil
         end
-        
+
         # this hook terminates connection
         define_method :terminate do
           self.finish if self.started?
         end
-      
+
       end # base.class_eval
 
     end # self.included
-    
+
   end # module HTTP
-  
+
 end # module IPAccess::Patches
 
 # :startdoc:
-

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ipaccess
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.2.3
 platform: ruby
 authors:
 - Paweł Wilk
@@ -28,7 +28,7 @@ cert_chain:
   rNombKmtHC0ASsAPzFZnw/+W2b73UATwnH0dZKm2TTZT5HeSqXnFUu9gH6MtI/S+
   VfsAlLTm8uSWA3CjR1dJYgRUp8tYQxwNwMv5IV1Fky9p8NKSU233lhBSOUJcrA==
   -----END CERTIFICATE-----
-date: 2013-12-24 00:00:00.000000000 Z
+date: 2013-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: netaddr
@@ -266,7 +266,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='