rack-cloudflare 1.0.0 → 1.0.1

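--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6c8a5b0439022d396fd56721e79b97a96c4cf830b0e37c27a4a9f6f2db2f8bd0
- data.tar.gz: d3866b5cfcce96211b25ae277b5e5280f3f38e0eb5f78d291c23d2a08cf84715
+ metadata.gz: 226fb49f7f04f287c5ad80d37f92547073049bc1d222054a082a09f2eb85d7e0
+ data.tar.gz: 2b196672e8bca43dfcd22f920ec69fc7250b71fced112aee3d01729c1b40976c
  SHA512:
- metadata.gz: 8ea482f40489690a5f368f0e21a9aad7fbc59dc76517b351b635ff53064ac8a1339ecc4c3129047967d5bdbafa259aa11a4b79314ea52ebe78b63d3bf031e9f4
- data.tar.gz: 40709bddc477ccd842dd50318827c4af50bbc7cf5a0b8ee58304e0e0d0d736b5fdd04b8b6f81692eb45f82b9a04492c4cb63001e6089490ab8e1cb8ee217b2a4
+ metadata.gz: a9c0b7967fa66302c86268e9f80d5e1eece2401b95e4ab0b6b1b91ab41070e4fed3ee554385fe6f5f34cdea8a5a809fa731ebaa6c0ce0ad114c8f2a020bdc285
+ data.tar.gz: 220c954ca1c7779bc811831168cfa15e44c72268917b3b8576eecc6b2794297c03a722a135fdb6710ae3e80d87a5f39d48fdbf46e1a729e4cf74a8a06ed3d212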
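--- a/data/.gitignore
+++ b/data/.gitignore
@@ -10,4 +10,5 @@
  # rspec failure tracking
  .rspec_status
 
- Gemfile.lock
+ Gemfile.lock
+ *.gem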
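--- a/data/README.md
+++ b/data/README.md
@@ -24,27 +24,31 @@ Or install it yourself as:
 
  You can block access to non-Cloudflare networks using `Rack::Cloudflare::Middleware::AccessControl`.
 
- require 'rack/cloudflare'
+ ```ruby
+ require 'rack/cloudflare'
 
- # In config.ru
- use Rack::Cloudflare::Middleware::AccessControl
+ # In config.ru
+ use Rack::Cloudflare::Middleware::AccessControl
 
- # In Rails config/application.rb
- config.middleware.use Rack::Cloudflare::Middleware::AccessControl
+ # In Rails config/application.rb
+ config.middleware.use Rack::Cloudflare::Middleware::AccessControl
 
- # Configure custom blocked message (defaults to "Forbidden")
- Rack::Cloudflare::Middleware::AccessControl.blocked_message = "You don't belong here..."
+ # Configure custom blocked message (defaults to "Forbidden")
+ Rack::Cloudflare::Middleware::AccessControl.blocked_message = "You don't belong here..."
 
- # Fully customize the Rack response (such as making it a redirect)
- Rack::Cloudflare::Middleware::AccessControl.blocked_response = lambda do |_env|
- [301, { 'Location' => 'https://somewhere.else.xyz' }, ["Redirecting...\n"]]
- end
+ # Fully customize the Rack response (such as making it a redirect)
+ Rack::Cloudflare::Middleware::AccessControl.blocked_response = lambda do |_env|
+ [301, { 'Location' => 'https://somewhere.else.xyz' }, ["Redirecting...\n"]]
+ end
+ ```
 
  Alternatively, using [`Rack::Attack`](https://github.com/kickstarter/rack-attack) you can easily add a "safelist" rule.
 
- Rack::Attack.safelist('Only allow requests through the Cloudflare network') do |request|
- Rack::Cloudflare::Headers.trusted?(request.env)
- end
+ ```ruby
+ Rack::Attack.safelist('Only allow requests through the Cloudflare network') do |request|
+ Rack::Cloudflare::Headers.trusted?(request.env)
+ end
+ ```
 
  Utilizing the `trusted?` helper method, you can implement a similar check using other middleware.
 
@@ -54,22 +58,26 @@ See _Toolkits: Detect Cloudflare Requests_ for alternative uses.
 
  You can set `REMOTE_ADDR` to the correct remote IP using `Rack::Cloudflare::Middleware::RewriteHeaders`.
 
- require 'rack/cloudflare'
+ ```ruby
+ require 'rack/cloudflare'
 
- # In config.ru
- use Rack::Cloudflare::Middleware::RewriteHeaders
+ # In config.ru
+ use Rack::Cloudflare::Middleware::RewriteHeaders
 
- # In Rails config/application.rb
- config.middleware.use Rack::Cloudflare::Middleware::RewriteHeaders
+ # In Rails config/application.rb
+ config.middleware.use Rack::Cloudflare::Middleware::RewriteHeaders
+ ```
 
  You can customize whether rewritten headers should be backed up and what names to use.
 
- # Toggle header backups
- Rack::Cloudflare::Headers.backup = false
+ ```ruby
+ # Toggle header backups (default: true)
+ Rack::Cloudflare::Headers.backup = false
 
- # Rename backed up headers (defaults: "ORIGINAL_REMOTE_ADDR", "ORIGINAL_FORWARDED_FOR")
- Rack::Cloudflare::Headers.original_remote_addr = 'BACKUP_REMOTE_ADDR'
- Rack::Cloudflare::Headers.original_forwarded_for = 'BACKUP_FORWARDED_FOR'
+ # Rename backed up headers (defaults: "ORIGINAL_REMOTE_ADDR", "ORIGINAL_FORWARDED_FOR")
+ Rack::Cloudflare::Headers.original_remote_addr = 'BACKUP_REMOTE_ADDR'
+ Rack::Cloudflare::Headers.original_forwarded_for = 'BACKUP_FORWARDED_FOR'
+ ```
 
  See _Toolkits: Rewrite Headers_ for alternative uses.
 
@@ -77,7 +85,9 @@ See _Toolkits: Rewrite Headers_ for alternative uses.
 
  You can enable logging to see what requests are blocked or headers are rewritten.
 
- Rack::Cloudflare.logger = Logger.new(STDOUT)
+ ```ruby
+ Rack::Cloudflare.logger = Logger.new(STDOUT)
+ ```
 
  Log levels used are INFO, DEBUG and WARN.
 
@@ -87,10 +97,12 @@ Log levels used are INFO, DEBUG and WARN.
 
  You can very easily check your HTTP headers to see if the request came from a Cloudflare network.
 
- # Your headers are in a `Hash` format
- # e.g. { 'REMOTE_ADDR' => '0.0.0.0', ... }
- # Verifies the remote address
- Rack::Cloudflare::Headers.trusted?(headers)
+ ```ruby
+ # Your headers are in a `Hash` format
+ # e.g. { 'REMOTE_ADDR' => '0.0.0.0', ... }
+ # Verifies the remote address
+ Rack::Cloudflare::Headers.trusted?(headers)
+ ```
 
  Note that we can only trust the `REMOTE_ADDR` header to verify a request came from Cloudflare.
  The `HTTP_X_FORWARDED_FOR` header can be modified and therefore not trusted.
@@ -102,17 +114,19 @@ Read this article, for example: [Anatomy of an Attack: How I Hacked StackOverflo
 
  We can easily rewrite `REMOTE_ADDR` and add `HTTP_X_FORWARDED_FOR` based on verifying the request comes from a Cloudflare network.
 
- # Get a list of headers relevant to Cloudflare (unmodified)
- headers = Rack::Cloudflare::Headers.new(headers).target_headers
+ ```ruby
+ # Get a list of headers relevant to Cloudflare (unmodified)
+ headers = Rack::Cloudflare::Headers.new(headers).target_headers
 
- # Get a list of headers that will be rewritten (modified)
- headers = Rack::Cloudflare::Headers.new(headers).rewritten_headers
+ # Get a list of headers that will be rewritten (modified)
+ headers = Rack::Cloudflare::Headers.new(headers).rewritten_headers
 
- # Get a list of headers relevant to Cloudflare with rewritten values
- headers = Rack::Cloudflare::Headers.new(headers).rewritten_target_headers
+ # Get a list of headers relevant to Cloudflare with rewritten values
+ headers = Rack::Cloudflare::Headers.new(headers).rewritten_target_headers
 
- # Update original headers with rewritten ones
- headers = Rack::Cloudflare::Headers.new(headers).rewrite
+ # Update original headers with rewritten ones
+ headers = Rack::Cloudflare::Headers.new(headers).rewrite
+ ```
 
  ### Up-to-date Cloudflare IP addresses
 
@@ -120,17 +134,21 @@ Cloudflare provides a [list of IP addresses](https://www.cloudflare.com/ips/) th
 
  A copy of the IPs are kept in [/data](./data/). The list is converted to a `IPAddr` list and is accessible as:
 
- # Configurable list of IPs
- # Defaults to Rack::Cloudflare::IPs::DEFAULTS
- Rack::Cloudflare::IPs.list
+ ```ruby
+ # Configurable list of IPs
+ # Defaults to Rack::Cloudflare::IPs::DEFAULTS
+ Rack::Cloudflare::IPs.list
+ ```
 
  The list can be updated to Cloudflare's latest published IP lists in-memory:
 
- # Fetches Rack::Cloudflare::IPs::V4_URL and Rack::Cloudflare::IPs::V6_URL
- Rack::Cloudflare::IPs.refresh!
+ ```ruby
+ # Fetches Rack::Cloudflare::IPs::V4_URL and Rack::Cloudflare::IPs::V6_URL
+ Rack::Cloudflare::IPs.refresh!
 
- # Updates cached list in-memory
- Rack::Cloudflare::IPs.list
+ # Updates cached list in-memory
+ Rack::Cloudflare::IPs.list
+ ```
 
  ## Credits
 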
data/Rakefile CHANGED
@@ -14,7 +14,7 @@ RubyCritic::RakeTask.new do |task|
14
14
  # task.name = 'something_special'
15
15
 
16
16
  # # Glob pattern to match source files. Defaults to FileList['.'].
17
- task.paths = FileList['apps/**/*.rb', 'lib/**/*.rb']
17
+ task.paths = FileList['lib/**/*.rb']
18
18
 
19
19
  # # You can pass all the options here in that are shown by "rubycritic -h" except for
20
20
  # # "-p / --path" since that is set separately. Defaults to ''.
@@ -69,7 +69,7 @@ module Rack
69
69
  # "Cf-Visitor: { \"scheme\":\"https\"}"
70
70
  def visitor
71
71
  return unless has?(HTTP_CF_VISITOR)
72
- JSON.parse @headers[HTTP_CF_VISITOR]
72
+ ::JSON.parse @headers[HTTP_CF_VISITOR]
73
73
  end
74
74
 
75
75
  def remote_addr
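Review bot: `visitor` passes the raw `Cf-Visitor` header value to `::JSON.parse` with no rescue, so a malformed value raises `JSON::ParserError` out of this accessor. The header is request data; on a request that did not pass through Cloudflare the client chooses its content, and whether callers check `trusted?` before calling `visitor` is not visible in this hunk. Consider adding `rescue ::JSON::ParserError` followed by `nil` before the method's `end`, so bad input reads the same as a missing header. The file header for this hunk is not shown on the page.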
@@ -20,16 +20,16 @@ module Rack
20
20
  end
21
21
 
22
22
  def fetch(url)
23
- parse Net::HTTP.get(URI(url))
23
+ parse ::Net::HTTP.get(URI(url))
24
24
  end
25
25
 
26
26
  def read(filename)
27
- parse File.read(filename)
27
+ parse ::File.read(filename)
28
28
  end
29
29
 
30
30
  def parse(string)
31
31
  return [] if string.to_s.strip.empty?
32
- string.split(/[,\s]+/).map { |ip| IPAddr.new(ip.strip) }
32
+ string.split(/[,\s]+/).map { |ip| ::IPAddr.new(ip.strip) }
33
33
  end
34
34
  end
35
35
 
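Review bot: `fetch` hands whatever body `::Net::HTTP.get` returns straight to `parse`, and `Net::HTTP.get` does not inspect the response status. This list decides which peers are treated as Cloudflare, so an error page or an empty reply should be rejected rather than parsed: a non-IP body makes `::IPAddr.new` raise, and an empty body makes `parse` return `[]`; what `refresh!` does with that result is outside the hunk. Suggest `res = ::Net::HTTP.get_response(URI(url))`, then `raise "IP list fetch failed: #{res.code}" unless res.is_a?(::Net::HTTPSuccess)`, then `parse res.body`. The enclosing class starts above the hunk, and the file header for it is not shown on the page.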
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  class Cloudflare
5
- VERSION = '1.0.0'
5
+ VERSION = '1.0.1'
6
6
  end
7
7
  end
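--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rack-cloudflare
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.1
  platform: ruby
  authors:
  - Joel Van Horn
@@ -105,7 +105,6 @@ files:
  - lib/rack/cloudflare/middleware/access_control.rb
  - lib/rack/cloudflare/middleware/rewrite_headers.rb
  - lib/rack/cloudflare/version.rb
- - rack-cloudflare-0.1.0.gem
  - rack-cloudflare.gemspec
  homepage: https://github.com/joelvh/rack-cloudflare
  licenses: []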
Binary file