rack-dedos 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +7 -0
- data/README.md +4 -2
- data/lib/rack/dedos/filters/base.rb +4 -5
- data/lib/rack/dedos/version.rb +1 -1
- data/lib/rack/dedos.rb +2 -2
- data.tar.gz.sig +0 -0
- metadata +13 -13
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 44d58ef342f579aa4245e7e3f8dd41b505f576331c6bb5f65d4c7b6e5e07e74f
|
4
|
+
data.tar.gz: 6b63cf01106e9f09d2fea0daee7691b0d263fcdc48e4c7b44bcf04144c4468b4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cb872c5c6d1a339bbf62220fdd1c179349ed28d266d291fdca4013527039e5290539a5e60adee88c570e87de0b04a93ac808a99103f5faeda4d5616acaf88995
|
7
|
+
data.tar.gz: eedf962195f3eacea34330bfc4b158263ee15d57684a18f6bd48aa26a78e49e92fa73fcb96ec043e18e1b96dfcfbd586c5117cd805b8c3b96e2f3b52d14982e0
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
[![Version](https://img.shields.io/gem/v/rack-dedos.svg?style=flat)](https://rubygems.org/gems/rack-dedos)
|
2
2
|
[![Tests](https://img.shields.io/github/actions/workflow/status/svoop/rack-dedos/test.yml?style=flat&label=tests)](https://github.com/svoop/rack-dedos/actions?workflow=Test)
|
3
3
|
[![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/rack-dedos.svg?style=flat)](https://codeclimate.com/github/svoop/rack-dedos/)
|
4
|
-
[![
|
4
|
+
[![GitHub Sponsors](https://img.shields.io/github/sponsors/svoop.svg)](https://github.com/sponsors/svoop)
|
5
5
|
|
6
6
|
<img src="https://github.com/svoop/rack-dedos/raw/main/doc/chop-chop.png" alt="chop-chop" align="right">
|
7
7
|
|
@@ -15,6 +15,8 @@ The filters have been proven to work against certain DoS attacks, however, they
|
|
15
15
|
* [API](https://www.rubydoc.info/gems/rack-dedos)
|
16
16
|
* Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
|
17
17
|
|
18
|
+
Thank you for supporting free and open-source software by sponsoring on [GitHub](https://github.com/sponsors/svoop) or on [Donorbox](https://donorbox.com/bitcetera). Any gesture is appreciated, from a single Euro for a ☕️ cup of coffee to 🍹 early retirement.
|
19
|
+
|
18
20
|
## Install
|
19
21
|
|
20
22
|
### Security
|
@@ -141,7 +143,7 @@ tar -xz -C /tmp -f /tmp/geoipupdate.tgz
|
|
141
143
|
|
142
144
|
A word on how the real client IP is determined. Both Rack 2 and Rack 3 (up to 3.0.7 at the time of writing) may populate the request `ip` incorrectly. Here's what a minimalistic Rack app deloyed to Render (behind Cloudflare) reports:
|
143
145
|
|
144
|
-
> request.ip = 172.71.135.17
|
146
|
+
> request.ip = 172.71.135.17<br>
|
145
147
|
> request.forwarded_for = ["81.XXX.XXX.XXX", "172.71.135.17", "10.201.229.136"]
|
146
148
|
|
147
149
|
Obviously, the reported IP 172.71.135.17 is not the real client IP, the correct one is the (redacted) 81.XXX.XXX.XXX.
|
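Review bot: the unchanged context line still reads `deloyed to Render`; correct it to `deployed` while this paragraph is being edited. On the substance, the `request.forwarded_for` sample is a good illustration of why the leftmost `X-Forwarded-For` entry is not automatically the client: that entry is whatever the first hop received, and any client can send its own `X-Forwarded-For` header before Cloudflare appends to it, so the redacted `81.XXX.XXX.XXX` is only trustworthy because Cloudflare sits in front. Suggest adding one sentence stating that the `Cf-Connecting-Ip` shortcut is only safe when the origin accepts traffic exclusively from Cloudflare; reached directly, that header is as spoofable as `X-Forwarded-For`. Minor: the added `<br>` puts raw HTML into the blockquote; two trailing spaces or a second `>` line give the same line break in Markdown.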
@@ -39,17 +39,16 @@ module Rack
|
|
39
39
|
|
40
40
|
# Get the real IP of the client
|
41
41
|
#
|
42
|
-
# If
|
43
|
-
# by Rack may be wrong. Therefore, we determine the
|
44
|
-
# using the following priorities:
|
42
|
+
# If containers and/or proxies such as Cloudflare are in the mix, the
|
43
|
+
# client IP reported by Rack may be wrong. Therefore, we determine the
|
44
|
+
# real client IP using the following priorities:
|
45
45
|
#
|
46
46
|
# 1. Cf-Connecting-Ip header
|
47
47
|
# 2. X-Forwarded-For header (also remove port number)
|
48
48
|
# 3. IP reported by Rack
|
49
49
|
#
|
50
50
|
# @param request [Rack::Request]
|
51
|
-
# @return [String
|
52
|
-
# not set
|
51
|
+
# @return [String] real client IP
|
53
52
|
def real_ip(request)
|
54
53
|
case
|
55
54
|
when ip = request.get_header('HTTP_CF_CONNECTING_IP')
|
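Review bot: `when ip = request.get_header('HTTP_CF_CONNECTING_IP')` accepts any present header as authoritative, including an empty value, because `""` is truthy in Ruby; a request carrying `Cf-Connecting-Ip:` with a blank value is returned as the real IP and never falls through to `X-Forwarded-For`. Suggest `when (ip = request.get_header('HTTP_CF_CONNECTING_IP')) && !ip.empty?` and the same guard on the following branches. The rewritten comment should also record the trust assumption behind the priorities: priority 1 is only safe when the origin is reachable exclusively through Cloudflare, and for priority 2 it matters which entry of `X-Forwarded-For` is taken, since the leftmost one is client-controlled; the rightmost entry that does not belong to a trusted proxy is the defensible choice, and the comment should say which one the code uses. Finally, `@return [String] real client IP` dropped the `not set` case the old doc mentioned: `get_header` returns nil for an absent header and the final fallback is Rack's own `ip`, so either document that nil is possible or make the method guarantee a String.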
data/lib/rack/dedos/version.rb
CHANGED
data/lib/rack/dedos.rb
CHANGED
@@ -20,11 +20,11 @@ module Rack
|
|
20
20
|
|
21
21
|
Rack::Builder.new do
|
22
22
|
unless except.include? :user_agent
|
23
|
-
require_relative 'dedos/
|
23
|
+
require_relative 'dedos/filters/user_agent'
|
24
24
|
use(::Rack::Dedos::Filters::UserAgent, options)
|
25
25
|
end
|
26
26
|
unless except.include? :country
|
27
|
-
require_relative 'dedos/
|
27
|
+
require_relative 'dedos/filters/country'
|
28
28
|
use(::Rack::Dedos::Filters::Country, options)
|
29
29
|
end
|
30
30
|
run app
|
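Review bot: the replaced `require_relative 'dedos/` lines are truncated in this rendering, so it is not possible to tell here whether the filter files moved under `dedos/filters/` or the lines were only rewritten; if the paths changed, the CHANGELOG entry for 0.2.1 should say so, because anyone who requires `rack/dedos/filters/user_agent` or `rack/dedos/filters/country` directly is affected by such a move.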
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-dedos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sven Schwyn
|
@@ -11,8 +11,8 @@ cert_chain:
|
|
11
11
|
- |
|
12
12
|
-----BEGIN CERTIFICATE-----
|
13
13
|
MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
|
14
|
-
|
15
|
-
|
14
|
+
L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
|
15
|
+
MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
|
16
16
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
|
17
17
|
KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
|
18
18
|
ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
|
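Review bot: the signing certificate in `cert_chain` is replaced in a patch release, and the removed lines are blank in this rendering, so the old and new certificates cannot be compared here; the release notes should state that the certificate (or key) was rotated and why. Consumers who install with a verifying policy (`gem install rack-dedos -P HighSecurity` or `-P MediumSecurity`) will have the install rejected until they trust the new certificate with `gem cert --add`. Decoding the visible base64 (`...MjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx...`) gives a validity window of 2024-11-20 21:10:20Z to 2025-11-20 21:10:20Z, a one-year certificate consistent with the `date:` field further down, so expect signature verification of this exact gem to start failing after 2025-11-20 unless it is re-released under a fresh certificate.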
@@ -21,15 +21,15 @@ cert_chain:
|
|
21
21
|
PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
|
22
22
|
dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
|
23
23
|
yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
24
|
+
BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
|
25
|
+
8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
|
26
|
+
PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
|
27
|
+
VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
|
28
|
+
Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
|
29
|
+
jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
|
30
|
+
boIgxQCMT+nxBHCD
|
31
31
|
-----END CERTIFICATE-----
|
32
|
-
date:
|
32
|
+
date: 2024-11-20 00:00:00.000000000 Z
|
33
33
|
dependencies:
|
34
34
|
- !ruby/object:Gem::Dependency
|
35
35
|
name: rack
|
@@ -116,7 +116,7 @@ dependencies:
|
|
116
116
|
- !ruby/object:Gem::Version
|
117
117
|
version: '0'
|
118
118
|
- !ruby/object:Gem::Dependency
|
119
|
-
name: minitest-
|
119
|
+
name: minitest-flash
|
120
120
|
requirement: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - ">="
|
@@ -243,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
243
243
|
- !ruby/object:Gem::Version
|
244
244
|
version: '0'
|
245
245
|
requirements: []
|
246
|
-
rubygems_version: 3.
|
246
|
+
rubygems_version: 3.5.23
|
247
247
|
signing_key:
|
248
248
|
specification_version: 4
|
249
249
|
summary: Radical filters to block denial-of-service (DoS) requests.
|
metadata.gz.sig
CHANGED
Binary file
|