rack-allowed_hosts 0.0.1
- checksums.yaml +7 -0
- data/lib/rack/allowed_hosts.rb +71 -0
- data/lib/rack/allowed_hosts/version.rb +6 -0
- metadata +61 -0
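--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4e8a16d9cde4f0e3b7c9251ef74fad90b904c325
+  data.tar.gz: 9818c819bea2a4615cbbfca7585c8624dc85c181
+SHA512:
+  metadata.gz: 946e54aa8cc564612724ea61db8d72e46a63206a7a07190126cc20b4919ed1c975ed6e848dde71e12769234a1ec1dce5717ab2bbc6552cafe42197efb596fd41
+  data.tar.gz: 24b5a2422bd9aad43f059152601f856dce14bc79a062c7be075c04905935cea2cdd7b0955588dae11dc40b159bf8fcbfd0325a5c55872ed478bba3aad01239c8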
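--- a/data/lib/rack/allowed_hosts.rb
+++ b/data/lib/rack/allowed_hosts.rb
@@ -0,0 +1,71 @@
+require 'rack/allowed_hosts/version'
+
+# Rack::AllowedHosts
+module Rack
+  class AllowedHosts
+
+    attr_reader :allowed_hosts
+
+    def initialize(app, &block)
+      @app = app
+      @allowed_hosts = []
+
+      # Call the block
+      instance_eval(&block)
+    end
+
+    def allow(*hosts)
+      # Also allow the for `allow ['host-a.com', 'host-b.com']` etc.
+      if hosts.size == 1 && hosts[0].is_a?(Array)
+        hosts = hosts[0]
+      end
+
+      hosts.each do |host|
+        matcher = matcher_for(host)
+        @allowed_hosts << matcher unless @allowed_hosts.include? matcher
+      end
+    end
+
+    def call(env)
+      host = env['HTTP_HOST'].split(':').first
+      unless host_allowed?(host)
+        return [403, {'Content-Type' => 'text/html'}, ['<h1>403 Forbidden</h1>']]
+      end
+
+      # Fetch the result
+      @app.call(env)
+    end
+
+    def host_allowed?(host)
+      return false if host.nil?
+
+      @allowed_hosts.each do |pattern|
+        return true if pattern.match host
+      end
+
+      false
+    end
+
+    def matcher_for(host)
+      host = host.gsub(/\.\Z/, '')
+      parts = host.split('.')
+      pattern = nil
+      parts.each do |part|
+        if pattern.nil?
+          pattern = prepared_part(part)
+        else
+          pattern = /#{pattern}\.#{prepared_part(part)}/
+        end
+      end
+      /\A#{pattern}\Z/
+    end
+
+    def prepared_part(part)
+      if part == '*'
+        /.*/
+      else
+        Regexp.quote(part)
+      end
+    end
+  end
+end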
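Review bot: `call` dereferences `env['HTTP_HOST']` before `host_allowed?` ever sees its nil guard, so a request that carries no Host header raises NoMethodError on `.split` and surfaces as a 500 rather than the 403 this middleware is meant to return; `host = env['HTTP_HOST'].to_s.split(':').first` routes the missing-header case into the existing `return false if host.nil?` (an empty string splits to `[]`, whose `first` is nil). In `matcher_for` the final anchor `/\A#{pattern}\Z/` uses `\Z`, which also matches before a trailing newline, whereas `\z` is the strict end-of-string anchor; adding the `i` flag there (`/\A#{pattern}\z/i`) would also make the comparison case-insensitive the way DNS names are, since `Regexp.quote(part)` is case-sensitive and a `Host: Example.com` request is currently rejected. `host_allowed?` can use `pattern.match?(host)` instead of `pattern.match host`, as it never reads the MatchData it allocates. A `*` label expands to `/.*/`, so `allow '*.example.com'` matches any depth of subdomain and, because `.*` accepts the empty string, `.example.com` as well; if that is intended, a comment on `prepared_part` saying so would save the next reader from checking, and if not, `/[^.]+/` is the single-label form.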
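--- a/metadata
+++ b/metadata
@@ -0,0 +1,61 @@
+--- !ruby/object:Gem::Specification
+name: rack-allowed_hosts
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jeremy Blalock
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-08-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+  Rack::AllowedHosts allows you to whitelist the hostnames allowed to
+  serve the site. This is helpful to protect against Host Header Injection.
+  See: https://acunetix.com/vulnerabilities/web/host-header-attack
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rack/allowed_hosts.rb
+- lib/rack/allowed_hosts/version.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.0
+signing_key:
+specification_version: 4
+summary: Simple token translation middleware
+test_files: []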