Possible to overwrite trusted proxies list #2769

2025-07-03 09:43:36 +02:00 · 2015-07-21 17:29:16 +03:00 · 2015-07-21 17:29:16 +03:00 · f0b015bddf
commit f0b015bddf
parent ff5ee99e40
3 changed files with 23 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,9 @@
+21.07.2015
+
+* Possible to define custom trusted proxies at application.yml
+
 20.07.2015
+
 * New syntax for setting webclient IP-s (see config/application-example.yml)

 14.07.2015
--- a/config/application-example.yml
+++ b/config/application-example.yml
@ -31,6 +31,10 @@ webclient_cert_common_name: 'webclient'
 # and returns 2306 "Parameter value policy error"
 contact_org_enabled: 'false'

+# Overwrite rack default trusted proxies list in order to
+# enable test external interfaces EPP/REPP from webserver network
+# eis_trusted_proxies: '1.1.1.1,2.2.2.2' #ips, separated with commas
+
 # Enable iptables counter updater
 # iptables_counter_enabled: 'true'

--- a/config/initializers/eis_custom_rack.rb
+++ b/config/initializers/eis_custom_rack.rb
@ -0,0 +1,14 @@
+# EIS custom rack hack in order to enable test external interfaces EPP/REPP inside webserver network 
+# rubocop:disable Metrics/LineLength
+module Rack
+  class Request
+    def trusted_proxy?(ip)
+      if ENV['eis_trusted_proxies']
+        ENV['eis_trusted_proxies'].split(',').map(&:strip).include?(ip)
+      else
+        ip =~ /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i
+      end
+    end
+  end
+end
+# rubocop:enable Metrics/LineLength