From 6a21efccb376ec1bcf0092a68563e1f6c4be36aa Mon Sep 17 00:00:00 2001 From: jonathan schatz Date: Sun, 22 Sep 2024 16:55:31 -0700 Subject: [PATCH] bump version to 6.1, add #cloudfront? docs --- CHANGELOG.md | 3 +++ README.md | 23 ++++++++++++++++++++--- lib/cloudflare_rails/version.rb | 2 +- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a293f6b..3454c92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [6.1.0] +- Add cloudflare? method to determine if request passed through CF (https://github.com/modosc/cloudflare-rails/pull/149) + ## [6.0.0] - 2024-06-12 - Drop support for `rails` version `6.1` and `7.0`, new minimum version is `7.1.0` (https://github.com/modosc/cloudflare-rails/pull/142) - Bump minimum ruby version to `3.1.0` in preparation for `rails` version `7.2` (https://github.com/modosc/cloudflare-rails/pull/142) diff --git a/README.md b/README.md index b7b9123..a35b5a9 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # CloudflareRails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails) -This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly. +This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly. It also exposes a `#cloudflare?` method on `Rack::Request`. ## Rails Compatibility @@ -14,7 +14,6 @@ This gem requires `railties`, `activesupport`, and `actionpack` >= `7.1`. For ol | 5.1 | 2.0.0 | | 5.0 | 2.0.0 | | 4.2 | 0.1.0 | -| ----- | ------- | ## Installation 
@@ -48,13 +47,31 @@ Unfortunately this does not fix `request.ip`. This method comes from the [Rack:: These issues are why this gem patches both `Rack::Request::Helpers` and `ActionDispatch::RemoteIP` rather than using the built-in configuration methods. +## Prerequisites +You must have a [`cache_store`](https://guides.rubyonrails.org/caching_with_rails.html#configuration) configured in your `rails` application. + ## Usage -You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config: +You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your `rails` config: ```ruby config.cloudflare.expires_in = 12.hours # default value config.cloudflare.timeout = 5.seconds # default value ``` +## Blocking non-Cloudflare traffic +You can use the `#cloudfront?` method from this gem to block all non-Cloudflare traffic to your application. Here's an example of doing this with [`Rack::Attack`](https://github.com/rack/rack-attack): +```ruby + Rack::Attack.blocklist('CloudFlare WAF bypass') do |req| + !req.cloudflare? + end +``` +Note that the request may optionally pass through additional trusted proxies, so it will return true for any of these scenarios: + + * `REMOTE_ADDR: CloudFlare` + * `REMOTE_ADDR: trusted_proxy`, `X_HTTP_FORWARDED_FOR: CloudFlare` + * `REMOTE_ADDR: trusted_proxy`, `X_HTTP_FORWARDED_FOR: trusted_proxy2,CloudFlare,...` + +but it will return false if CloudFlare comes after the trusted prefix of `X-Forwarded-For`. + ## Alternatives [actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header. diff --git a/lib/cloudflare_rails/version.rb b/lib/cloudflare_rails/version.rb index ab02471..a4f5543 100644 --- a/lib/cloudflare_rails/version.rb +++ b/lib/cloudflare_rails/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module CloudflareRails - VERSION = '6.0.0' + VERSION = '6.1.0' end
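Review bot: the new `## [6.1.0]` heading in the CHANGELOG hunk has no release date, while the `## [6.0.0] - 2024-06-12` entry directly below it does; Keep a Changelog, which the file header cites, expects either a date or an `## [Unreleased]` heading. Suggest `## [6.1.0] - 2024-09-22` (the commit date) or `## [Unreleased]` if the release has not been cut yet, and wrap the method name in backticks as the surrounding entries do: `- Add `cloudflare?` method ...`.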
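Review bot: in the README hunk starting at `@@ -48,13 +47,31 @@`, the prose of the new "Blocking non-Cloudflare traffic" section refers to `#cloudfront?`, but the method this release adds (and the example two lines below calls) is `#cloudflare?`; a reader who copies the name from the prose gets a NoMethodError. In the same hunk the bullets name the header `X_HTTP_FORWARDED_FOR`, which is neither the HTTP header (`X-Forwarded-For`) nor the Rack env key (`HTTP_X_FORWARDED_FOR`); the closing paragraph already says `X-Forwarded-For`, so use that spelling throughout. Style: the `Rack::Attack.blocklist` example is indented two spaces inside its fence while the `config.cloudflare` example above is flush-left. Since `!req.cloudflare?` rejects every request that did not arrive via Cloudflare or a configured trusted proxy, one sentence noting that direct-to-origin requests (local development, origin health checks) will also be blocked, and that the result depends on the trusted-proxy configuration matching the deployment, would save users a surprise.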