rack-cloudflare 1.0.0 → 1.0.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6c8a5b0439022d396fd56721e79b97a96c4cf830b0e37c27a4a9f6f2db2f8bd0
4
- data.tar.gz: d3866b5cfcce96211b25ae277b5e5280f3f38e0eb5f78d291c23d2a08cf84715
3
+ metadata.gz: 226fb49f7f04f287c5ad80d37f92547073049bc1d222054a082a09f2eb85d7e0
4
+ data.tar.gz: 2b196672e8bca43dfcd22f920ec69fc7250b71fced112aee3d01729c1b40976c
5
5
  SHA512:
6
- metadata.gz: 8ea482f40489690a5f368f0e21a9aad7fbc59dc76517b351b635ff53064ac8a1339ecc4c3129047967d5bdbafa259aa11a4b79314ea52ebe78b63d3bf031e9f4
7
- data.tar.gz: 40709bddc477ccd842dd50318827c4af50bbc7cf5a0b8ee58304e0e0d0d736b5fdd04b8b6f81692eb45f82b9a04492c4cb63001e6089490ab8e1cb8ee217b2a4
6
+ metadata.gz: a9c0b7967fa66302c86268e9f80d5e1eece2401b95e4ab0b6b1b91ab41070e4fed3ee554385fe6f5f34cdea8a5a809fa731ebaa6c0ce0ad114c8f2a020bdc285
7
+ data.tar.gz: 220c954ca1c7779bc811831168cfa15e44c72268917b3b8576eecc6b2794297c03a722a135fdb6710ae3e80d87a5f39d48fdbf46e1a729e4cf74a8a06ed3d212
data/.gitignore CHANGED
@@ -10,4 +10,5 @@
10
10
  # rspec failure tracking
11
11
  .rspec_status
12
12
 
13
- Gemfile.lock
13
+ Gemfile.lock
14
+ *.gem
data/README.md CHANGED
@@ -24,27 +24,31 @@ Or install it yourself as:
24
24
 
25
25
  You can block access to non-Cloudflare networks using `Rack::Cloudflare::Middleware::AccessControl`.
26
26
 
27
- require 'rack/cloudflare'
27
+ ```ruby
28
+ require 'rack/cloudflare'
28
29
 
29
- # In config.ru
30
- use Rack::Cloudflare::Middleware::AccessControl
30
+ # In config.ru
31
+ use Rack::Cloudflare::Middleware::AccessControl
31
32
 
32
- # In Rails config/application.rb
33
- config.middleware.use Rack::Cloudflare::Middleware::AccessControl
33
+ # In Rails config/application.rb
34
+ config.middleware.use Rack::Cloudflare::Middleware::AccessControl
34
35
 
35
- # Configure custom blocked message (defaults to "Forbidden")
36
- Rack::Cloudflare::Middleware::AccessControl.blocked_message = "You don't belong here..."
36
+ # Configure custom blocked message (defaults to "Forbidden")
37
+ Rack::Cloudflare::Middleware::AccessControl.blocked_message = "You don't belong here..."
37
38
 
38
- # Fully customize the Rack response (such as making it a redirect)
39
- Rack::Cloudflare::Middleware::AccessControl.blocked_response = lambda do |_env|
40
- [301, { 'Location' => 'https://somewhere.else.xyz' }, ["Redirecting...\n"]]
41
- end
39
+ # Fully customize the Rack response (such as making it a redirect)
40
+ Rack::Cloudflare::Middleware::AccessControl.blocked_response = lambda do |_env|
41
+ [301, { 'Location' => 'https://somewhere.else.xyz' }, ["Redirecting...\n"]]
42
+ end
43
+ ```
42
44
 
43
45
  Alternatively, using [`Rack::Attack`](https://github.com/kickstarter/rack-attack) you can easily add a "safelist" rule.
44
46
 
45
- Rack::Attack.safelist('Only allow requests through the Cloudflare network') do |request|
46
- Rack::Cloudflare::Headers.trusted?(request.env)
47
- end
47
+ ```ruby
48
+ Rack::Attack.safelist('Only allow requests through the Cloudflare network') do |request|
49
+ Rack::Cloudflare::Headers.trusted?(request.env)
50
+ end
51
+ ```
48
52
 
49
53
  Utilizing the `trusted?` helper method, you can implement a similar check using other middleware.
50
54
 
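Review bot: The `Rack::Attack.safelist` example does not do what its rule name says. A Rack::Attack safelist lets matching requests through and exempts them from blocklists and throttles; requests that do not match simply continue to the remaining rules, so non-Cloudflare traffic is not rejected, and every Cloudflare-proxied request skips rate limiting. To restrict access to the Cloudflare network with Rack::Attack, the README should show a `blocklist` rule on `!Rack::Cloudflare::Headers.trusted?(request.env)` instead. Separately, the `blocked_response` example returns a 301, which clients cache; a 302 or a plain 403 is a safer thing to demonstrate for an access-control decision.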
@@ -54,22 +58,26 @@ See _Toolkits: Detect Cloudflare Requests_ for alternative uses.
54
58
 
55
59
  You can set `REMOTE_ADDR` to the correct remote IP using `Rack::Cloudflare::Middleware::RewriteHeaders`.
56
60
 
57
- require 'rack/cloudflare'
61
+ ```ruby
62
+ require 'rack/cloudflare'
58
63
 
59
- # In config.ru
60
- use Rack::Cloudflare::Middleware::RewriteHeaders
64
+ # In config.ru
65
+ use Rack::Cloudflare::Middleware::RewriteHeaders
61
66
 
62
- # In Rails config/application.rb
63
- config.middleware.use Rack::Cloudflare::Middleware::RewriteHeaders
67
+ # In Rails config/application.rb
68
+ config.middleware.use Rack::Cloudflare::Middleware::RewriteHeaders
69
+ ```
64
70
 
65
71
  You can customize whether rewritten headers should be backed up and what names to use.
66
72
 
67
- # Toggle header backups
68
- Rack::Cloudflare::Headers.backup = false
73
+ ```ruby
74
+ # Toggle header backups (default: true)
75
+ Rack::Cloudflare::Headers.backup = false
69
76
 
70
- # Rename backed up headers (defaults: "ORIGINAL_REMOTE_ADDR", "ORIGINAL_FORWARDED_FOR")
71
- Rack::Cloudflare::Headers.original_remote_addr = 'BACKUP_REMOTE_ADDR'
72
- Rack::Cloudflare::Headers.original_forwarded_for = 'BACKUP_FORWARDED_FOR'
77
+ # Rename backed up headers (defaults: "ORIGINAL_REMOTE_ADDR", "ORIGINAL_FORWARDED_FOR")
78
+ Rack::Cloudflare::Headers.original_remote_addr = 'BACKUP_REMOTE_ADDR'
79
+ Rack::Cloudflare::Headers.original_forwarded_for = 'BACKUP_FORWARDED_FOR'
80
+ ```
73
81
 
74
82
  See _Toolkits: Rewrite Headers_ for alternative uses.
75
83
 
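Review bot: The Rails line `config.middleware.use Rack::Cloudflare::Middleware::RewriteHeaders` appends the middleware to the end of the stack, so anything that runs earlier and reads `REMOTE_ADDR` (request logging, throttling) still sees the Cloudflare edge address. The README should state where in the stack the middleware needs to sit and show an `insert_before` variant for that case.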
@@ -77,7 +85,9 @@ See _Toolkits: Rewrite Headers_ for alternative uses.
77
85
 
78
86
  You can enable logging to see what requests are blocked or headers are rewritten.
79
87
 
80
- Rack::Cloudflare.logger = Logger.new(STDOUT)
88
+ ```ruby
89
+ Rack::Cloudflare.logger = Logger.new(STDOUT)
90
+ ```
81
91
 
82
92
  Log levels used are INFO, DEBUG and WARN.
83
93
 
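Review bot: The line "Log levels used are INFO, DEBUG and WARN" does not say which events land at which level. Anyone wiring this into alerting needs to know the level at which blocked requests are logged, and whether header rewrites (which include client addresses) are logged at DEBUG only; a short list of event per level would cover it.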
@@ -87,10 +97,12 @@ Log levels used are INFO, DEBUG and WARN.
87
97
 
88
98
  You can very easily check your HTTP headers to see if the request came from a Cloudflare network.
89
99
 
90
- # Your headers are in a `Hash` format
91
- # e.g. { 'REMOTE_ADDR' => '0.0.0.0', ... }
92
- # Verifies the remote address
93
- Rack::Cloudflare::Headers.trusted?(headers)
100
+ ```ruby
101
+ # Your headers are in a `Hash` format
102
+ # e.g. { 'REMOTE_ADDR' => '0.0.0.0', ... }
103
+ # Verifies the remote address
104
+ Rack::Cloudflare::Headers.trusted?(headers)
105
+ ```
94
106
 
95
107
  Note that we can only trust the `REMOTE_ADDR` header to verify a request came from Cloudflare.
96
108
  The `HTTP_X_FORWARDED_FOR` header can be modified and therefore not trusted.
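Review bot: The note that only `REMOTE_ADDR` can be trusted needs its precondition spelled out: it holds when Cloudflare connects directly to the Rack server. Behind a local reverse proxy or load balancer, `REMOTE_ADDR` is that proxy's address, so `trusted?` checks the wrong hop. Add a sentence on this deployment case next to the `HTTP_X_FORWARDED_FOR` warning.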
@@ -102,17 +114,19 @@ Read this article, for example: [Anatomy of an Attack: How I Hacked StackOverflo
102
114
 
103
115
  We can easily rewrite `REMOTE_ADDR` and add `HTTP_X_FORWARDED_FOR` based on verifying the request comes from a Cloudflare network.
104
116
 
105
- # Get a list of headers relevant to Cloudflare (unmodified)
106
- headers = Rack::Cloudflare::Headers.new(headers).target_headers
117
+ ```ruby
118
+ # Get a list of headers relevant to Cloudflare (unmodified)
119
+ headers = Rack::Cloudflare::Headers.new(headers).target_headers
107
120
 
108
- # Get a list of headers that will be rewritten (modified)
109
- headers = Rack::Cloudflare::Headers.new(headers).rewritten_headers
121
+ # Get a list of headers that will be rewritten (modified)
122
+ headers = Rack::Cloudflare::Headers.new(headers).rewritten_headers
110
123
 
111
- # Get a list of headers relevant to Cloudflare with rewritten values
112
- headers = Rack::Cloudflare::Headers.new(headers).rewritten_target_headers
124
+ # Get a list of headers relevant to Cloudflare with rewritten values
125
+ headers = Rack::Cloudflare::Headers.new(headers).rewritten_target_headers
113
126
 
114
- # Update original headers with rewritten ones
115
- headers = Rack::Cloudflare::Headers.new(headers).rewrite
127
+ # Update original headers with rewritten ones
128
+ headers = Rack::Cloudflare::Headers.new(headers).rewrite
129
+ ```
116
130
 
117
131
  ### Up-to-date Cloudflare IP addresses
118
132
 
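Review bot: Every example in this block assigns back to `headers`, so a reader who pastes the block as a whole feeds the output of `target_headers` into the next `Headers.new(headers)` call, and so on down the block. Use a distinct result name per example, and state what `rewrite` returns when the request is not from a Cloudflare network, since the paragraph above says the rewrite is based on that verification.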
@@ -120,17 +134,21 @@ Cloudflare provides a [list of IP addresses](https://www.cloudflare.com/ips/) th
120
134
 
121
135
  A copy of the IPs are kept in [/data](./data/). The list is converted to a `IPAddr` list and is accessible as:
122
136
 
123
- # Configurable list of IPs
124
- # Defaults to Rack::Cloudflare::IPs::DEFAULTS
125
- Rack::Cloudflare::IPs.list
137
+ ```ruby
138
+ # Configurable list of IPs
139
+ # Defaults to Rack::Cloudflare::IPs::DEFAULTS
140
+ Rack::Cloudflare::IPs.list
141
+ ```
126
142
 
127
143
  The list can be updated to Cloudflare's latest published IP lists in-memory:
128
144
 
129
- # Fetches Rack::Cloudflare::IPs::V4_URL and Rack::Cloudflare::IPs::V6_URL
130
- Rack::Cloudflare::IPs.refresh!
145
+ ```ruby
146
+ # Fetches Rack::Cloudflare::IPs::V4_URL and Rack::Cloudflare::IPs::V6_URL
147
+ Rack::Cloudflare::IPs.refresh!
131
148
 
132
- # Updates cached list in-memory
133
- Rack::Cloudflare::IPs.list
149
+ # Updates cached list in-memory
150
+ Rack::Cloudflare::IPs.list
151
+ ```
134
152
 
135
153
  ## Credits
136
154
 
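Review bot: The `refresh!` example does not document failure behaviour. The call fetches two URLs at runtime, and `parse` in the library returns `[]` for an empty body, so the README should say whether a failed or empty fetch keeps the previous list or replaces it; an empty list would leave `trusted?` with nothing to match. The comment "# Updates cached list in-memory" sits above `Rack::Cloudflare::IPs.list`, which only reads the list; move it to `refresh!`, and note that an in-memory refresh has to be run in each worker process.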
data/Rakefile CHANGED
@@ -14,7 +14,7 @@ RubyCritic::RakeTask.new do |task|
14
14
  # task.name = 'something_special'
15
15
 
16
16
  # # Glob pattern to match source files. Defaults to FileList['.'].
17
- task.paths = FileList['apps/**/*.rb', 'lib/**/*.rb']
17
+ task.paths = FileList['lib/**/*.rb']
18
18
 
19
19
  # # You can pass all the options here in that are shown by "rubycritic -h" except for
20
20
  # # "-p / --path" since that is set separately. Defaults to ''.
@@ -69,7 +69,7 @@ module Rack
69
69
  # "Cf-Visitor: { \"scheme\":\"https\"}"
70
70
  def visitor
71
71
  return unless has?(HTTP_CF_VISITOR)
72
- JSON.parse @headers[HTTP_CF_VISITOR]
72
+ ::JSON.parse @headers[HTTP_CF_VISITOR]
73
73
  end
74
74
 
75
75
  def remote_addr
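Review bot: `::JSON.parse @headers[HTTP_CF_VISITOR]` parses a request header without handling malformed input. `visitor` is guarded only by `has?(HTTP_CF_VISITOR)`, so a request that carries a non-JSON `Cf-Visitor` value raises `JSON::ParserError` out of this method. Rescue the parse error and return nil, or parse only when the request has passed `trusted?`. The hunk also shows no `require 'json'`; with the constant now resolved from the top level, the file should require it itself.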
@@ -20,16 +20,16 @@ module Rack
20
20
  end
21
21
 
22
22
  def fetch(url)
23
- parse Net::HTTP.get(URI(url))
23
+ parse ::Net::HTTP.get(URI(url))
24
24
  end
25
25
 
26
26
  def read(filename)
27
- parse File.read(filename)
27
+ parse ::File.read(filename)
28
28
  end
29
29
 
30
30
  def parse(string)
31
31
  return [] if string.to_s.strip.empty?
32
- string.split(/[,\s]+/).map { |ip| IPAddr.new(ip.strip) }
32
+ string.split(/[,\s]+/).map { |ip| ::IPAddr.new(ip.strip) }
33
33
  end
34
34
  end
35
35
 
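Review bot: `fetch` passes whatever `::Net::HTTP.get(URI(url))` returns straight to `parse`, with no status check, timeout or error handling. `Net::HTTP.get` returns the body for error responses too, and `::IPAddr.new` raises `IPAddr::InvalidAddressError` on any token that is not an address, so an error page or a network failure surfaces as an exception in the caller. Make the request through `Net::HTTP.start` with `open_timeout` and `read_timeout` set, accept only a `Net::HTTPSuccess` response, and keep the existing list when the fetch or the parse fails.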
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  class Cloudflare
5
- VERSION = '1.0.0'
5
+ VERSION = '1.0.1'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cloudflare
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Van Horn
@@ -105,7 +105,6 @@ files:
105
105
  - lib/rack/cloudflare/middleware/access_control.rb
106
106
  - lib/rack/cloudflare/middleware/rewrite_headers.rb
107
107
  - lib/rack/cloudflare/version.rb
108
- - rack-cloudflare-0.1.0.gem
109
108
  - rack-cloudflare.gemspec
110
109
  homepage: https://github.com/joelvh/rack-cloudflare
111
110
  licenses: []
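Review bot: The removed `- rack-cloudflare-0.1.0.gem` entry means the 1.0.0 package shipped a previously built gem inside itself. Dropping it is right, but the file list should be kept from picking up build artefacts again: have the gemspec exclude `*.gem` explicitly (the new `.gitignore` rule only helps if the list is derived from git) and check the `files:` section before each push. The context line `licenses: []` is also worth fixing, since an empty license field hinders automated dependency review.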
Binary file