Add cloudflare? method to determine if request passed through CF #149

Merged
merged 2 commits into from
Sep 17, 2024

Commits on Aug 30, 2024

  1. Add cloudflare? method to determine if request passed through CF

    The `request.cloudflare?` method can be used in a Rack::Attack blocklist rule
    to block traffic that hasn't passed through CloudFlare.
    
    For instance:
    
    ```ruby
      Rack::Attack.blocklist('CloudFlare WAF bypass') do |req|
        !req.cloudflare?
      end
    ```
    
    Note that the request may optionally pass through additional trusted
    proxies, so it will return true for any of these scenarios:
    
    * `REMOTE_ADDR` = CloudFlare
    * `REMOTE_ADDR` = *trusted_proxy*, `X_HTTP_FORWARDED_FOR` = CloudFlare,...
    * `REMOTE_ADDR` = *trusted_proxy*, `X_HTTP_FORWARDED_FOR` = *trusted_proxy2*,CloudFlare,...
    
    but it will return false if CloudFlare comes after the trusted prefix of
    `X-Forwarded-For`.
    afn committed Aug 30, 2024
    5936dc7
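
The hop-by-hop rule the commit message above describes, as an added standalone sketch (not the gem's own code): trusted proxies are skipped starting from `REMOTE_ADDR` and then right to left through `X-Forwarded-For`, and only the first untrusted hop is tested against Cloudflare. The helper name `passed_through_cloudflare?`, both constants and all addresses are assumptions; the Cloudflare list is a short sample standing in for the published ranges.

```ruby
require 'ipaddr'

# Sample values (assumptions): load the full list from Cloudflare's published
# IP ranges, and the trusted proxies from your own deployment's configuration.
CLOUDFLARE_RANGES = %w[173.245.48.0/20 103.21.244.0/22].map { |c| IPAddr.new(c) }
TRUSTED_PROXIES   = %w[10.0.0.0/8 127.0.0.1/32].map { |c| IPAddr.new(c) }

def in_ranges?(ip, ranges)
  ranges.any? { |range| range.include?(ip) }
end

# Hypothetical helper: true only when the hop immediately beyond the
# trusted-proxy prefix of the chain is a Cloudflare address.
def passed_through_cloudflare?(remote_addr, forwarded_for = nil)
  # Nearest hop first: REMOTE_ADDR, then X-Forwarded-For read right to left.
  xff_hops = forwarded_for.to_s.split(',').map(&:strip).reject(&:empty?)
  hops = [remote_addr.to_s.strip] + xff_hops.reverse
  hops.each do |hop|
    return false if hop.empty?
    ip = begin
      IPAddr.new(hop)
    rescue IPAddr::Error
      return false # unparseable hop: fail closed
    end
    next if in_ranges?(ip, TRUSTED_PROXIES)
    # First untrusted hop decides. Everything to its left in the header is
    # client-controlled, so a Cloudflare address there proves nothing.
    return in_ranges?(ip, CLOUDFLARE_RANGES)
  end
  false # chain consisted only of trusted proxies
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: [REMOTE_ADDR, X-Forwarded-For]
  [
    ['173.245.48.10', nil],
    ['10.0.0.5', '198.51.100.7, 173.245.48.10'],
    ['10.0.0.5', '173.245.48.10, 198.51.100.7'],
    ['198.51.100.7', '173.245.48.10']
  ].each do |remote, xff|
    puts format('%-14s %-32s %s', remote, xff.inspect, passed_through_cloudflare?(remote, xff))
  end
end
```

The last two sample requests carry a Cloudflare address in the header but evaluate to false, which is the case a blocklist rule built on this check depends on.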

Commits on Sep 5, 2024

  1. Address Rubocop warnings

    * Break up tests to only have one expectation per spec
    * Reduce line lengths
    afn committed Sep 5, 2024
    5be938f