# frozen_string_literal: true
module Gitlab
  module Middleware
    # Turns ActionDispatch::RemoteIp::IpSpoofAttackError into a plain 400.
    #
    # ActionDispatch::RemoteIp works out `request.ip` from the connection
    # address plus the `Client-Ip` and `X-Forwarded-For` headers, so it has to
    # trust whatever the reverse proxies in front of the app left in those
    # headers. How far they can be trusted is decided at the edge: a proxy
    # normally vets or overwrites one of them and leaves the other alone. When
    # both arrive there is no safe way, from inside the app, to tell which one
    # the edge vouched for, so Rails refuses to guess and raises
    # IpSpoofAttackError (see ActionDispatch::RemoteIp for the precise
    # condition). Refusing is the right call -- guessing wrong would let a
    # client pick its own IP for rate limits, audit logs and IP allow-lists --
    # but it is a malformed request, so it should surface as a 400, not as an
    # unhandled 500.
    #
    # Must be inserted before ActionDispatch::RemoteIp in the middleware chain
    # so that the exception raised further down propagates through this
    # rescue.
    class HandleIpSpoofAttackError
      attr_reader :app

      # @param app [#call] the next Rack application in the chain
      def initialize(app)
        @app = app
      end

      # Rack entry point. Delegates to the wrapped app; only the spoofing
      # error is intercepted, every other exception propagates unchanged.
      #
      # @param env [Hash] the Rack environment
      # @return [Array] a Rack response triple
      def call(env)
        app.call(env)
      rescue ActionDispatch::RemoteIp::IpSpoofAttackError => err
        # Record the event for triage. NOTE(review): Rails' message for this
        # error reportedly includes the raw conflicting header values -- fine
        # for the error tracker, but they must never be reflected to the client.
        Gitlab::ErrorTracking.track_exception(err)
        bad_request_response
      end

      private

      # Builds a fresh triple on every call rather than sharing a frozen
      # constant, since upstream middleware may mutate the headers hash.
      # The body is deliberately generic: nothing from the request is echoed.
      def bad_request_response
        [400, { 'Content-Type' => 'text/plain' }, ['Bad Request']]
      end
    end
  end
end