Class: Gitlab::Middleware::HandleIpSpoofAttackError

Inherits:
Object
Defined in:
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb

Overview

ActionDispatch::RemoteIp sets the client address (`request.remote_ip`) for controllers by looking at the connection's IP and at the proxy headers. It has to see through any reverse proxies to get the right answer, but trusting proxy-supplied headers is where the security risk lies.

Proxies can carry the client address in `Client-Ip` or in `X-Forwarded-For`, and how far either header can be trusted is decided at the edge. If both headers are present and disagree, the likely explanation is that the edge sanitises one of them but passes the other through untouched, so a client could have set it. Rails rejects such a request by raising `ActionDispatch::RemoteIp::IpSpoofAttackError`, which is correct, because the application cannot tell which header is the safe one - but we want that rejection to surface as a 400 (Bad Request) rather than as a 500.

This middleware needs to go before ActionDispatch::RemoteIp in the chain. Rails evaluates the spoof check lazily, when the remote IP is first read, which may happen deep inside the application (logging, rate limiting, a controller); the rescue below only works if this middleware sits above everything that can trigger it.
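As an added example (not GitLab's or Rails' code), a self-contained Ruby stack that shows the ordering point above: a stand-in for the spoof check, raising when `Client-Ip` and `X-Forwarded-For` name different clients; a stand-in controller that reads the remote IP, which is where the lazy check actually fires; a middleware with the same shape as this class; and an outer handler standing in for Rails' exception page, which is what would otherwise turn the raise into a 500. `IpSpoofAttackError`, `ErrorTracking`, `ShowExceptions`, `remote_ip`, `first_ip` and the request hashes are all stand-ins or constructed for the example, and the header comparison is a simplification of Rails' own, which also strips trusted-proxy addresses.

```ruby
# Added example, not GitLab's or Rails' code. A minimal Rack-style stack that
# shows what HandleIpSpoofAttackError changes and why it must sit above the
# code that raises. Nothing from Rails or Rack is loaded; every class below is
# a stand-in and is named as such.
require 'ipaddr'

# Stand-in for ActionDispatch::RemoteIp::IpSpoofAttackError.
class IpSpoofAttackError < StandardError; end

# Stand-in for Gitlab::ErrorTracking: records what would have been reported.
module ErrorTracking
  @exceptions = []
  def self.track_exception(err) = @exceptions << err
  def self.tracked = @exceptions
end

# First syntactically valid IP in a comma-separated header value, or nil.
def first_ip(header)
  return nil if header.nil?

  header.split(',').map(&:strip).find { |s| IPAddr.new(s) rescue nil }
end

# Simplified version of the check ActionDispatch::RemoteIp performs when it
# resolves the remote IP: if Client-Ip and X-Forwarded-For both name a client
# and the two disagree, the request is treated as a spoofing attempt. Rails'
# real implementation also strips trusted-proxy addresses; that is omitted.
def remote_ip(env)
  client = first_ip(env['HTTP_CLIENT_IP'])
  forwarded = first_ip(env['HTTP_X_FORWARDED_FOR'])
  if client && forwarded && client != forwarded
    raise IpSpoofAttackError,
          "IP spoofing attack?! HTTP_CLIENT_IP=#{client.inspect} " \
          "HTTP_X_FORWARDED_FOR=#{forwarded.inspect}"
  end
  client || forwarded || env['REMOTE_ADDR']
end

# Stand-in for the controller at the bottom of the stack. Reading the remote
# IP here mirrors Rails, which evaluates the check lazily on first access, so
# the exception starts deep inside the application and unwinds upward.
CONTROLLER = lambda do |env|
  [200, { 'Content-Type' => 'text/plain' }, ["hello #{remote_ip(env)}"]]
end

# Same shape as Gitlab::Middleware::HandleIpSpoofAttackError.
class HandleIpSpoofAttackError
  def initialize(app)
    @app = app
  end

  def call(env)
    @app.call(env)
  rescue IpSpoofAttackError => err
    ErrorTracking.track_exception(err)
    [400, { 'Content-Type' => 'text/plain' }, ['Bad Request']]
  end
end

# Stand-in for the outermost Rails exception handler: anything that escapes
# the application becomes a 500.
class ShowExceptions
  def initialize(app)
    @app = app
  end

  def call(env)
    @app.call(env)
  rescue StandardError
    [500, { 'Content-Type' => 'text/plain' }, ['Internal Server Error']]
  end
end

# Constructed Rack env for a request that reached us from 10.0.0.5.
def env_with(client_ip: nil, xff: nil)
  env = { 'REMOTE_ADDR' => '10.0.0.5' }
  env['HTTP_CLIENT_IP'] = client_ip if client_ip
  env['HTTP_X_FORWARDED_FOR'] = xff if xff
  env
end

def status_with_middleware(env)
  ShowExceptions.new(HandleIpSpoofAttackError.new(CONTROLLER)).call(env).first
end

def status_without_middleware(env)
  ShowExceptions.new(CONTROLLER).call(env).first
end

if $PROGRAM_NAME == __FILE__
  conflict = env_with(client_ip: '198.51.100.7', xff: '203.0.113.9')
  puts "only X-Forwarded-For:       #{status_with_middleware(env_with(xff: '203.0.113.9'))}"
  puts "both headers, agreeing:     #{status_with_middleware(env_with(client_ip: '203.0.113.9', xff: '203.0.113.9'))}"
  puts "both headers, conflicting:  #{status_with_middleware(conflict)}"
  puts "conflicting, no middleware: #{status_without_middleware(conflict)}"
  puts "tracked: #{ErrorTracking.tracked.map(&:message)}"
end
```

Run directly, the conflicting pair of headers yields 400 with the middleware in place and 500 without it, and the spoof error is recorded either way the middleware sees it. The test for the real stack is the same: send a request with `Client-Ip` and `X-Forwarded-For` set to different addresses and confirm a 400 comes back rather than a 500 and an error-tracking event. Note that the rescue only catches the exception because the middleware is an ancestor of the code that raises; anything placed between RemoteIp and the controller that reads `request.remote_ip` still raises, and the error unwinds through it to this middleware.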

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(app) ⇒ HandleIpSpoofAttackError

Returns a new instance of HandleIpSpoofAttackError.

# File 'lib/gitlab/middleware/handle_ip_spoof_attack_error.rb', line 20

def initialize(app)
  @app = app
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app.

# File 'lib/gitlab/middleware/handle_ip_spoof_attack_error.rb', line 18

def app
  @app
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/gitlab/middleware/handle_ip_spoof_attack_error.rb', line 24

def call(env)
  app.call(env)
rescue ActionDispatch::RemoteIp::IpSpoofAttackError => err
  Gitlab::ErrorTracking.track_exception(err)

  [400, { 'Content-Type' => 'text/plain' }, ['Bad Request']]
end