rack-dedos 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +12 -0
- data/README.md +4 -2
- data/lib/rack/dedos/filters/base.rb +4 -5
- data/lib/rack/dedos/version.rb +1 -1
- data/lib/rack/dedos.rb +2 -2
- data.tar.gz.sig +0 -0
- metadata +13 -16
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5358dccb09197e0042d35f689f02a913a8c566e975b2bac47c7dbdfbd4c01c56
|
|
4
|
+
data.tar.gz: 63c029725b96d240ac4700c02585772b8a8a843c2e8fcca574ada29ae344a740
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc44d5579d132a3960f280f26f8c4f0b1eca01d7001d15d5dbfbe907fbc08f2a0d0ad775e610c018ff1f8f7cef6e47611bcf0ad0c4618cf5eed100d59cc97188
|
|
7
|
+
data.tar.gz: 329b51f582b0c664b1754f8f8169b8623c0675695171560aadacd3ce6963863644ced781a144c8d55d35d8de5cd75801f85a1d7640ff4bba43e6f14ab0196679
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
[](https://rubygems.org/gems/rack-dedos)
|
|
2
2
|
[](https://github.com/svoop/rack-dedos/actions?workflow=Test)
|
|
3
3
|
[](https://codeclimate.com/github/svoop/rack-dedos/)
|
|
4
|
-
[](https://github.com/sponsors/svoop)
|
|
5
5
|
|
|
6
6
|
<img src="https://github.com/svoop/rack-dedos/raw/main/doc/chop-chop.png" alt="chop-chop" align="right">
|
|
7
7
|
|
|
@@ -15,6 +15,8 @@ The filters have been proven to work against certain DoS attacks, however, they
|
|
|
15
15
|
* [API](https://www.rubydoc.info/gems/rack-dedos)
|
|
16
16
|
* Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
|
|
17
17
|
|
|
18
|
+
Thank you for supporting free and open-source software by sponsoring on [GitHub](https://github.com/sponsors/svoop) or on [Donorbox](https://donorbox.com/bitcetera). Any gesture is appreciated, from a single Euro for a ☕️ cup of coffee to 🍹 early retirement.
|
|
19
|
+
|
|
18
20
|
## Install
|
|
19
21
|
|
|
20
22
|
### Security
|
|
@@ -141,7 +143,7 @@ tar -xz -C /tmp -f /tmp/geoipupdate.tgz
|
|
|
141
143
|
|
|
142
144
|
A word on how the real client IP is determined. Both Rack 2 and Rack 3 (up to 3.0.7 at the time of writing) may populate the request `ip` incorrectly. Here's what a minimalistic Rack app deloyed to Render (behind Cloudflare) reports:
|
|
143
145
|
|
|
144
|
-
> request.ip = 172.71.135.17
|
|
146
|
+
> request.ip = 172.71.135.17<br>
|
|
145
147
|
> request.forwarded_for = ["81.XXX.XXX.XXX", "172.71.135.17", "10.201.229.136"]
|
|
146
148
|
|
|
147
149
|
Obviously, the reported IP 172.71.135.17 is not the real client IP, the correct one is the (redacted) 81.XXX.XXX.XXX.
|
|
@@ -39,17 +39,16 @@ module Rack
|
|
|
39
39
|
|
|
40
40
|
# Get the real IP of the client
|
|
41
41
|
#
|
|
42
|
-
# If
|
|
43
|
-
# by Rack may be wrong. Therefore, we determine the
|
|
44
|
-
# using the following priorities:
|
|
42
|
+
# If containers and/or proxies such as Cloudflare are in the mix, the
|
|
43
|
+
# client IP reported by Rack may be wrong. Therefore, we determine the
|
|
44
|
+
# real client IP using the following priorities:
|
|
45
45
|
#
|
|
46
46
|
# 1. Cf-Connecting-Ip header
|
|
47
47
|
# 2. X-Forwarded-For header (also remove port number)
|
|
48
48
|
# 3. IP reported by Rack
|
|
49
49
|
#
|
|
50
50
|
# @param request [Rack::Request]
|
|
51
|
-
# @return [String
|
|
52
|
-
# not set
|
|
51
|
+
# @return [String] real client IP
|
|
53
52
|
def real_ip(request)
|
|
54
53
|
case
|
|
55
54
|
when ip = request.get_header('HTTP_CF_CONNECTING_IP')
|
data/lib/rack/dedos/version.rb
CHANGED
data/lib/rack/dedos.rb
CHANGED
|
@@ -20,11 +20,11 @@ module Rack
|
|
|
20
20
|
|
|
21
21
|
Rack::Builder.new do
|
|
22
22
|
unless except.include? :user_agent
|
|
23
|
-
require_relative 'dedos/
|
|
23
|
+
require_relative 'dedos/filters/user_agent'
|
|
24
24
|
use(::Rack::Dedos::Filters::UserAgent, options)
|
|
25
25
|
end
|
|
26
26
|
unless except.include? :country
|
|
27
|
-
require_relative 'dedos/
|
|
27
|
+
require_relative 'dedos/filters/country'
|
|
28
28
|
use(::Rack::Dedos::Filters::Country, options)
|
|
29
29
|
end
|
|
30
30
|
run app
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-dedos
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sven Schwyn
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain:
|
|
11
10
|
- |
|
|
12
11
|
-----BEGIN CERTIFICATE-----
|
|
13
12
|
MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjQxMTIwMjExMDIwWhcNMjUxMTIwMjEx
|
|
14
|
+
MDIwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
|
|
16
15
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
|
|
17
16
|
KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
|
|
18
17
|
ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
|
|
@@ -21,15 +20,15 @@ cert_chain:
|
|
|
21
20
|
PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
|
|
22
21
|
dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
|
|
23
22
|
yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
23
|
+
BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQDSeB1x
|
|
24
|
+
8QK8F/ML37isgvwGiQxovDUqu6Sq14cQ1qE9y5prUBmL2AsDuCBpXXctcvamFqNC
|
|
25
|
+
PgfJtj7ZZcXmY0SfKCog7T1btkr6zYxPXpxwUqB45n0I6v5qc0UCNvMEfBzxlak5
|
|
26
|
+
VW7UMNlKD9qukeN55hxuLF2F/sLldMcHUo/ATgdV4zk1t3sK6A9+02wz5K5qfWdM
|
|
27
|
+
Mi+XWXmGd57uojk3RcIXNwBRRP4DTKcKgVXhuyHb7q1vjTXrS6bw1Ortu0KmWOIk
|
|
28
|
+
jTyRsT1gymASS2KHe+BaCTwD74GqO8q4woYLZgXnJ/PvgcFgY2FEi2Kn/sXLp4JE
|
|
29
|
+
boIgxQCMT+nxBHCD
|
|
31
30
|
-----END CERTIFICATE-----
|
|
32
|
-
date:
|
|
31
|
+
date: 2024-12-25 00:00:00.000000000 Z
|
|
33
32
|
dependencies:
|
|
34
33
|
- !ruby/object:Gem::Dependency
|
|
35
34
|
name: rack
|
|
@@ -116,7 +115,7 @@ dependencies:
|
|
|
116
115
|
- !ruby/object:Gem::Version
|
|
117
116
|
version: '0'
|
|
118
117
|
- !ruby/object:Gem::Dependency
|
|
119
|
-
name: minitest-
|
|
118
|
+
name: minitest-flash
|
|
120
119
|
requirement: !ruby/object:Gem::Requirement
|
|
121
120
|
requirements:
|
|
122
121
|
- - ">="
|
|
@@ -221,7 +220,6 @@ metadata:
|
|
|
221
220
|
source_code_uri: https://github.com/svoop/rack-dedos
|
|
222
221
|
documentation_uri: https://www.rubydoc.info/gems/rack-dedos
|
|
223
222
|
bug_tracker_uri: https://github.com/svoop/rack-dedos/issues
|
|
224
|
-
post_install_message:
|
|
225
223
|
rdoc_options:
|
|
226
224
|
- "--title"
|
|
227
225
|
- AIXM/OFMX Builder
|
|
@@ -243,8 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
243
241
|
- !ruby/object:Gem::Version
|
|
244
242
|
version: '0'
|
|
245
243
|
requirements: []
|
|
246
|
-
rubygems_version: 3.
|
|
247
|
-
signing_key:
|
|
244
|
+
rubygems_version: 3.6.2
|
|
248
245
|
specification_version: 4
|
|
249
246
|
summary: Radical filters to block denial-of-service (DoS) requests.
|
|
250
247
|
test_files: []
|
metadata.gz.sig
CHANGED
|
Binary file
|