rack-cloudflare_middleware 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e108186bec2a6dff38a2f6fa5edcfd196aa4e2199333a61d8c9a888edf65c3be
+  data.tar.gz: a8e0131c2fd8270784ed1155f114892bc26e3f65bf1eda55a547450bdf272fdb
+SHA512:
+  metadata.gz: 5762e62571ea9c5dce83039b0616a3074a0ffa0f165430c4cc5dbc5c70ef0d3d34553965abe3f85c3c8e6222f0247290e1acb8a4538538e30bd1b88e6f5bbe7a
+  data.tar.gz: f04fa0b616f69d62f81568dc29c5e0428511a884e774685a6d869dfbef5765c9b0cac577fc42d1f08d747084369a1ff11baba8853cbbc36b71e8fee20e7773b2

data/.github/dependabot.yml

@@ -0,0 +1,25 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
+    labels:
+      - ":robot: dependabot"
+      - ":octocat: github-actions"
+      - ":heavy_plus_sign: dependencies"
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
+    labels:
+      - ":robot: dependabot"
+      - ":gem: ruby"
+      - ":heavy_plus_sign: dependencies"

data/.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: "CI"
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      checks: write
+    env:
+      RAILS_ENV: test
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+      - name: Install Ruby and gems
+        uses: ruby/setup-ruby@93287a1fa82c6ddbb6d8db978df4b0119cd8879f
+        with:
+          bundler-cache: true
+          ruby-version: ${{ matrix.ruby }}
+      - name: Run RSpec Tests
+        timeout-minutes: 20
+        run: bundle exec rspec -f doc
+  lint:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+      - name: Install Ruby and gems
+        uses: ruby/setup-ruby@93287a1fa82c6ddbb6d8db978df4b0119cd8879f
+        with:
+          bundler-cache: true
+          ruby-version: "3.1"
+      - name: Bundle Audit Check
+        run: bundle exec bundle-audit update && bundle exec bundle-audit check
+      - name: Setup Python
+        uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+        with:
+          python-version: "3.10"
+      - name: Run pre-commit
+        uses: pre-commit/action@efd3bcfec120bd343786e46318186153b7bc8c68

data/.github/workflows/release.yml

@@ -0,0 +1,25 @@
+name: Release to RubyGems
+on:
+  release:
+    types: [published]
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+      - name: Install Ruby and gems
+        uses: ruby/setup-ruby@93287a1fa82c6ddbb6d8db978df4b0119cd8879f
+        with:
+          bundler-cache: true
+          ruby-version: "3.2"
+      - name: Publish gem
+        run: |
+          umask 077
+          mkdir -p "$HOME/.gem"
+          printf -- "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          gem push *.gem
+          rm -f "$HOME/.gem/credentials"
+        env:
+          RUBYGEMS_API_KEY: "${{secrets.RUBYGEMS_PUSH_API_KEY}}"

data/.gitignore

@@ -0,0 +1,2 @@
+/.bundle
+*.gem

data/.pre-commit-config.yaml

@@ -0,0 +1,17 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v3.2.0
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+    exclude: '^(config/secrets.yml.enc$)|(spec/data/)|(db/.*\.sql$)'
+  - id: check-yaml
+    exclude: '.rubocop.yml'
+  - id: check-added-large-files
+  - id: check-byte-order-marker
+    exclude: '^spec/data/'
+  - id: check-merge-conflict
+- repo: https://github.com/instrumentl/pre-commit-standardrb.git
+  rev: '1ae56c7524a2d48cd2b7ca1f74bdb0cdd454477e'
+  hooks:
+    - id: standardrb

data/.rubocop.yml

@@ -0,0 +1,10 @@
+require: standard
+inherit_gem:
+  standard: config/base.yml
+AllCops:
+  TargetRubyVersion: 2.7
+  Exclude:
+    - 'vendor/bundle/**/*'
+    - 'tmp/**/*'
+    - 'public/**/*'
+    - 'bin/{bundle,rails,rake,spring}'

data/Gemfile

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+gem "faraday", "~> 1.0"
+gem "rake", "~> 13.0"
+
+group :development, :test do
+  gem "rspec", "~> 3.0"
+  gem "rspec-its", "~> 1.3"
+  gem "rack-test", "~> 2"
+  gem "standard", "~> 1"
+  gem "pry"
+  gem "webmock", "~> 3.18"
+  gem "bundle-audit", "~> 0.1.0"
+end

data/Gemfile.lock

@@ -0,0 +1,127 @@
+PATH
+  remote: .
+  specs:
+    rack-cloudflare_middleware (1.0.0)
+      faraday (>= 1.0, < 3)
+      rack (~> 2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    bundle-audit (0.1.0)
+      bundler-audit
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
+    coderay (1.1.3)
+    crack (0.4.5)
+      rexml
+    diff-lcs (1.5.0)
+    faraday (1.10.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.0)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      faraday-retry (~> 1.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-httpclient (1.0.1)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    faraday-retry (1.0.3)
+    hashdiff (1.0.1)
+    json (2.6.3)
+    language_server-protocol (3.17.0.3)
+    method_source (1.0.0)
+    multipart-post (2.3.0)
+    parallel (1.22.1)
+    parser (3.2.1.1)
+      ast (~> 2.4.1)
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.1)
+    rack (2.2.6.4)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.7.0)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-its (1.3.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.12.4)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.48.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.16.0)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    standard (1.25.3)
+      language_server-protocol (~> 3.17.0.2)
+      rubocop (~> 1.48.1)
+      rubocop-performance (~> 1.16.0)
+    thor (1.2.1)
+    unicode-display_width (2.4.2)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  arm64-darwin-22
+  x86_64-linux
+
+DEPENDENCIES
+  bundle-audit (~> 0.1.0)
+  bundler (~> 2)
+  faraday (~> 1.0)
+  pry
+  rack-cloudflare_middleware!
+  rack-test (~> 2)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rspec-its (~> 1.3)
+  standard (~> 1)
+  webmock (~> 3.18)
+
+BUNDLED WITH
+   2.4.7

data/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright (c) 2023 Instrumentl, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+This is a small Rack middleware for use with the [Cloudflare](https://www.cloudflare.com/) CDN.
+
+We include two middlewares:
+
+ * `Rack::CloudflareMiddleware::RewriteRemoteAddr` swaps in `CF-Connecting-IP` for `REMOTE_ADDR` if and only if the "real" remote address is a trusted Cloudflare source IP address.
+ * `Rack::CloudflareMiddleware::DenyOthers` returns a 401 for all requests where `REMOTE_ADDR` is not Cloudflare
+
+If you're using Rails, you may want to use [cloudflare-rails](https://github.com/modosc/cloudflare-rails) instead.
+
+This library uses Faraday to dynamically update the list of trusted remote IPs every few hours, and includes a checked-in snapshot which will be used if the dynamic updater fails.
+
+This library is licensed under the ISC license, a copy of which can be found at [LICENSE.txt](LICENSE.txt). "Cloudflare" is a registered trademark of Cloudflare, Inc and is used as per the [Cloudflare Trademark Guidelines](https://www.cloudflare.com/trademark/)
+
+### Usage
+
+Add this library to your Gemfile (or otherwise include it with your application), and add it as a middleware in your `config.ru`; for example, if you're using [Sinatra](), this might look like:
+
+```ruby
+require "rack/cloudflare_middleware"
+require "sinatra"
+require "./app"
+
+use Rack::CloudflareMiddleware::DenyOthers, allow_private: true
+use Rack::CloudflareMiddleware::RewriteRemoteAddr
+
+run Sinatra::Application
+```
+
+The `allow_private` kwarg to `DenyOthers` controls whether or not private and loopback addresses are allowed through. Whether or not you should set this depends on the exact specifics of your deployment environment; often it should be set in development, but not in production.

data/data/ips-v4

@@ -0,0 +1,15 @@
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+104.16.0.0/13
+104.24.0.0/14
+108.162.192.0/18
+131.0.72.0/22
+141.101.64.0/18
+162.158.0.0/15
+172.64.0.0/13
+173.245.48.0/20
+188.114.96.0/20
+190.93.240.0/20
+197.234.240.0/22
+198.41.128.0/17

data/data/ips-v6

@@ -0,0 +1,7 @@
+2400:cb00::/32
+2405:8100::/32
+2405:b500::/32
+2606:4700::/32
+2803:f800::/32
+2a06:98c0::/29
+2c0f:f248::/32

data/lib/rack/cloudflare_middleware/deny_others.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Rack
+  module CloudflareMiddleware
+    class DenyOthers
+      def initialize(app, allow_private: false)
+        @allow_private = allow_private
+        @app = app
+      end
+
+      def call(env)
+        TrustedIps.instance.check_update
+        remote_addr = IPAddr.new env["REMOTE_ADDR"]
+        if (@allow_private && (remote_addr.private? || remote_addr.loopback?)) || TrustedIps.instance.include?(remote_addr)
+          @app.call(env)
+        else
+          ["403", {"Content-Type" => "text/plain"}, ["Forbidden by policy statement"]]
+        end
+      end
+    end
+  end
+end

data/lib/rack/cloudflare_middleware/rewrite_remote_addr.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Rack
+  module CloudflareMiddleware
+    class RewriteRemoteAddr
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        TrustedIps.instance.check_update
+        if TrustedIps.instance.include? env["REMOTE_ADDR"]
+          unless env["HTTP_CF_CONNECTING_IP"].nil?
+            env["HTTP_CF_ORIGINAL_REMOTE_ADDR"] = env["REMOTE_ADDR"]
+            env["REMOTE_ADDR"] = env["HTTP_CF_CONNECTING_IP"]
+          end
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/rack/cloudflare_middleware/trusted_ips.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require "ipaddr"
+require "singleton"
+
+require "faraday"
+
+module Rack
+  module CloudflareMiddleware
+    class TrustedIps
+      TIMEOUT = 7.0
+      OPEN_TIMEOUT = 4.0
+
+      UPDATE_THRESHOLD = 21600
+
+      attr_reader :ranges
+      attr_reader :mtimes
+
+      include Singleton
+
+      def initialize
+        reset!
+      end
+
+      def reset!
+        @ranges = {4 => Set.new, 6 => Set.new}
+        @mtimes = {4 => Time.new(1970, 1, 1), 6 => Time.new(1970, 1, 1)}
+        load_from_files
+      end
+
+      def include?(ip)
+        unless ip.is_a? IPAddr
+          ip = IPAddr.new(ip)
+        end
+        if ip.ipv4?
+          @ranges[4].any? { _1.include? ip }
+        else
+          @ranges[6].any? { _1.include? ip }
+        end
+      end
+
+      def update!
+        read_network "https://www.cloudflare.com/ips-v4", 4
+        read_network "https://www.cloudflare.com/ips-v6", 6
+      end
+
+      def check_update
+        if [4, 6].any? { (Time.now - @mtimes[_1]) > UPDATE_THRESHOLD }
+          update!
+        end
+      end
+
+      private
+
+      def load_from_files
+        read_file "#{__dir__}/../../../data/ips-v4", 4
+        read_file "#{__dir__}/../../../data/ips-v6", 6
+      end
+
+      def process_body(body)
+        body.lines.map(&:strip).filter { !_1.empty? }.map(&IPAddr.method(:new)).to_set
+      end
+
+      def read_file(path, version)
+        ::File.open(path) do |f|
+          addresses = process_body(f.read)
+          @ranges[version] = addresses
+          @mtimes[version] = f.mtime
+        end
+      end
+
+      def read_network(url, version)
+        start_request = Time.now
+        response = faraday_connection.get(url)
+        @ranges[version] = process_body(response.body)
+        @mtimes[version] = start_request
+      rescue Faraday::Error => e
+        warn "Unable to fetch Cloudflare remote IPs: #{e}"
+      end
+
+      def faraday_connection
+        @faraday_connection ||= Faraday.new do |builder|
+          builder.options.open_timeout = OPEN_TIMEOUT
+          builder.options.timeout = TIMEOUT
+          builder.response :raise_error
+        end
+      end
+    end
+  end
+end

data/lib/rack/cloudflare_middleware/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Rack
+  module CloudflareMiddleware
+    VERSION = "1.0.0"
+  end
+end

data/lib/rack/cloudflare_middleware.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "cloudflare_middleware/version"
+require_relative "cloudflare_middleware/trusted_ips"
+require_relative "cloudflare_middleware/rewrite_remote_addr"
+require_relative "cloudflare_middleware/deny_others"
+
+module Rack
+  module CloudflareMiddleware
+    attr_accessor :logger
+  end
+end

data/rack-cloudflare_middleware.gemspec

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "rack/cloudflare_middleware/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "rack-cloudflare_middleware"
+  spec.version = Rack::CloudflareMiddleware::VERSION
+  spec.authors = ["James Brown"]
+  spec.email = ["james@instrumentl.com"]
+  spec.license = "ISC"
+
+  spec.summary = "Rack middleware for handling Cloudflare remote IP headers"
+  spec.homepage = "https://github.com/instrumentl/rack-cloudflare_middleware"
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      f.match(%r{^(test|spec|features)/})
+    end
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "faraday", ">= 1.0", "< 3"
+  spec.add_dependency "rack", "~> 2"
+
+  spec.add_development_dependency "bundler", "~> 2"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "standard", "~> 1"
+end

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: rack-cloudflare_middleware
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- James Brown
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-03-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+description: 
+email:
+- james@instrumentl.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/dependabot.yml"
+- ".github/workflows/ci.yml"
+- ".github/workflows/release.yml"
+- ".gitignore"
+- ".pre-commit-config.yaml"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- data/ips-v4
+- data/ips-v6
+- lib/rack/cloudflare_middleware.rb
+- lib/rack/cloudflare_middleware/deny_others.rb
+- lib/rack/cloudflare_middleware/rewrite_remote_addr.rb
+- lib/rack/cloudflare_middleware/trusted_ips.rb
+- lib/rack/cloudflare_middleware/version.rb
+- rack-cloudflare_middleware.gemspec
+homepage: https://github.com/instrumentl/rack-cloudflare_middleware
+licenses:
+- ISC
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key: 
+specification_version: 4
+summary: Rack middleware for handling Cloudflare remote IP headers
+test_files: []