From 75c2fbc4faa8ea15f136fb414627afa19e47d09e Mon Sep 17 00:00:00 2001 From: Bradford Folkens Date: Tue, 3 Jun 2008 17:11:48 -0500 Subject: [PATCH] If Client-IP and X-Forwarded-For are the same, we don't need to return a 500. --- actionpack/lib/action_controller/request.rb | 7 ++++--- actionpack/test/controller/request_test.rb | 3 +++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index a35b904..f275ec1 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -140,8 +140,10 @@ module ActionController return @env['REMOTE_ADDR'] end + remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') + if @env.include? 'HTTP_CLIENT_IP' - if @env.include? 'HTTP_X_FORWARDED_FOR' + if remote_ips and !remote_ips.include?(@env['HTTP_CLIENT_IP']) # We don't know which came from the proxy, and which from the user raise ActionControllerError.new(< 1 && TRUSTED_PROXIES =~ remote_ips.last.strip remote_ips.pop end diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb index 82ddfec..2bd489b 100644 --- a/actionpack/test/controller/request_test.rb +++ b/actionpack/test/controller/request_test.rb @@ -59,6 +59,9 @@ class RequestTest < Test::Unit::TestCase assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message + @request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9' + assert_equal '8.8.8.8', @request.remote_ip + @request.env.delete 'HTTP_CLIENT_IP' @request.env.delete 'HTTP_X_FORWARDED_FOR' end -- 1.5.4.3
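Review bot: The new guard `!remote_ips.include?(@env['HTTP_CLIENT_IP'])` in request.rb compares Client-IP against the raw pieces of `split(',')`, so every entry after the first keeps its leading space (the test's own header value is `'8.8.8.8, 9.9.9.9'`) and a Client-IP equal to a later hop would still raise. Stripping the entries where the list is built avoids this, e.g. `remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',').map { |ip| ip.strip }`, with Client-IP stripped before the comparison as well. The assertion added in request_test.rb only covers a match on the first entry; a case such as Client-IP `9.9.9.9` against the same header would pin the behaviour for later entries. Separately, a match against any entry now suppresses the spoofing error, and the left-hand entries of X-Forwarded-For are supplied by the client, so a comment should state which value remote_ip returns when the two headers agree and why that value is trusted. The rest of remote_ip is not fully visible in this hunk, so this should be confirmed against the full method.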