From f53fa22d8923a7fb66f02fdc18b79131683cd93e Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Tue, 24 May 2011 15:31:30 -0700
Subject: [PATCH] update documentation
---
 README | 63 +++++++++++++++++++++++++++++++++++++++++++++++--------------
 lib/unxf.rb | 18 +++++++++++++++++-
 2 files changed, 66 insertions(+), 15 deletions(-)
 rewrite README (74%)
diff --git a/README b/README
dissimilarity index 74%
index 27e32dc..bb26b35 100644
--- a/README
+++ b/README
@@ -1,14 +1,49 @@
-= UnXF - Un-X-Forward* the Rack environment
-
-Removes X-Forwarded-For in the Rack environment and replaces REMOTE_ADDR
-with the correct value (assuming REMOTE_ADDR and the X-Forwarded-For
-chain is provided).
-
-=== Hacking
-
-* git clone git://bogomips.org/unxf.git
-
-=== Contact
-
-* Email our mailing list for all support questions, patches, bug reports, pull
- requests: mailto:unxf@librelist.org
+= UnXF - Un-X-Forward* the Rack environment
+
+Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and
+replace "REMOTE_ADDR" with the value of the original client address.
+
+This uses the "rpatricia" RubyGem to filter out spoofed requests from
+clients outside your LAN. The list of trusted address defaults to
+private LAN addresses defined RFC 1918 and those belonging to localhost.
+
+This will also read "HTTP_X_FORWARDED_PROTO" and set "rack.url_scheme"
+to "https" if the "X-Forwarded-Proto" header is set properly and sent
+from a trusted address chain.
+
+== Install
+
+If you use RubyGems:
+
+ gem install unxf
+
+You will need a C compiler and Ruby development headers to install the
+"rpatricia" RubyGem if it is not already installed.
+
+=== Hacking
+
+You can get the latest source via git from the following locations:
+
+* git clone git://bogomips.org/unxf.git
+* git clone git://repo.or.cz/unxf.git (mirror)
+
+You may browse the code from the web and download the latest snapshot
+tarballs here:
+
+* http://bogomips.org/unxf.git (cgit)
+* http://repo.or.cz/w/unxf.git (gitweb)
+
+Inline patches (from "git format-patch") to the
+{mailing list}[mailto:unxf@librelist.org] are
+preferred because they allow code review and comments in the reply to
+the patch.
+
+We will adhere to mostly the same conventions for patch submissions as
+git itself. See the Documentation/SubmittingPatches document
+distributed with git on on patch submission guidelines to follow. Just
+don't email the git mailing list or maintainer with unxf patches.
+
+== Contact
+
+All feedback (bug reports, user/development discussion, patches, pull
+requests) go to the mailing list: mailto:unxf@librelist.org
diff --git a/lib/unxf.rb b/lib/unxf.rb
index d33cdb6..b5ff335 100644
--- a/lib/unxf.rb
+++ b/lib/unxf.rb
@@ -1,6 +1,8 @@
 # -*- encoding: binary -*-
 require 'rpatricia'
+# Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and
+# replace "REMOTE_ADDR" with the value of the original client address.
 class UnXF
 # :stopdoc:
 # reduce garbage overhead by using constant strings
@@ -17,6 +19,19 @@ class UnXF
 # localhost addresses (127.0.0.0/8)
 LOCALHOST = %w(127.0.0.0/8)
+ # In your Rack config.ru:
+ #
+ # use UnXF
+ #
+ # If you do not want to trust any hosts other than "0.6.6.6",
+ # you may only specify one host to trust:
+ #
+ # use UnXF, "0.6.6.6"
+ #
+ # If you want to trust "0.6.6.6" in addition to the default set of hosts:
+ #
+ # use UnXF, [ :RFC_1918, :LOCALHOST, "0.6.6.6" ]
+ #
 def initialize(app, trusted = [:RFC_1918, :LOCALHOST])
 @app = app
 @trusted = Patricia.new
@@ -26,7 +41,8 @@ class UnXF
 end
 end
- def call(env)
+ # Rack entry point
+ def call(env) # :nodoc:
 if xff_str = env.delete(HTTP_X_FORWARDED_FOR)
 xff = xff_str.split(/\s*,\s*/)
 addr = env[REMOTE_ADDR]
--
2.11.4.GIT
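Review bot: The class comment added above `class UnXF` in the `@@ -1,6 +1,8 @@` hunk of lib/unxf.rb says "REMOTE_ADDR" is replaced with the original client address, but leaves out the condition that the README text in this same patch spells out: only chains arriving from trusted addresses are honoured. Someone reading only the generated RDoc for the class could conclude that any client-supplied X-Forwarded-For is believed. I would add a third comment line such as `# Only X-Forwarded-For chains relayed by trusted addresses (RFC 1918 and localhost by default) are honoured.` The filtering code itself is outside this hunk, so the wording should be checked against the body of `call`.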
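Review bot: The usage comment added before `initialize` in the `@@ -17,6 +19,19 @@` hunk never states what the default `[:RFC_1918, :LOCALHOST]` implies: every peer in private address space is allowed to set the client address the application sees. That is wider than "my reverse proxy" on networks where other internal hosts or containers share RFC 1918 ranges, so the comment should recommend listing only the actual proxy addresses, e.g. `# Any trusted host can set the REMOTE_ADDR your app sees; list only your proxies where possible.` The sentence "you may only specify one host to trust" also reads as a restriction rather than an option; `you may specify just that host:` says what is meant. Whether CIDR strings are accepted is not stated either, though `LOCALHOST = %w(127.0.0.0/8)` suggests they are. The body of `initialize` continues outside the hunk.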