From 8d73c7613178f5d46ff91a81f7783ca907deb64a Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Sat, 23 Jul 2016 21:01:23 -0700
Subject: Ignore invalid trusted proxies in X-Forwarded-For header Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header For example, Apache can send (null). Closes #20194
---
 spec/initializers/trusted_proxies_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+) (limited to 'spec/initializers')
diff --git a/spec/initializers/trusted_proxies_spec.rb b/spec/initializers/trusted_proxies_spec.rb
index 14c8df954a6..52d5a7dffc9 100644
--- a/spec/initializers/trusted_proxies_spec.rb
+++ b/spec/initializers/trusted_proxies_spec.rb
@@ -17,6 +17,12 @@ describe 'trusted_proxies', lib: true do
 expect(request.remote_ip).to eq('10.1.5.89')
 expect(request.ip).to eq('10.1.5.89')
 end
+
+ it 'filters out bad values' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '(null), 10.1.5.89')
+ expect(request.remote_ip).to eq('10.1.5.89')
+ expect(request.ip).to eq('10.1.5.89')
+ end
 end
 context 'with private IP ranges added' do
-- cgit v1.2.3
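Review bot: The new example `filters out bad values` only puts the unparsable token `(null)` in front of a valid address, so it does not pin down what happens when the bad token sits elsewhere in the list or when no valid entry remains. Because `remote_ip` commonly feeds audit logs and IP-based controls, I would add sibling examples such as `stub_request('HTTP_X_FORWARDED_FOR' => '10.1.5.89, (null)')` and a header holding only `(null)`, each asserting the address the deployment expects. A one-line comment above the example, e.g. `# Apache may emit "(null)" in X-Forwarded-For; see #20194`, would record why the case exists. The enclosing `context` block starts outside the hunk and the initializer change itself is not shown in this path-limited patch, so the expected fallback for the all-invalid case needs confirming against it.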