Rack middleware to remove “HTTP_X_FORWARDED_FOR” in the Rack environment
and
replace “REMOTE_ADDR” with the value of the original client address.
This uses the “rpatricia” RubyGem to filter out spoofed requests from
clients outside your LAN. The list of trusted address defaults to
private LAN addresses defined RFC 1918 and those belonging to localhost.
This will also read “HTTP_X_FORWARDED_PROTO” and set “rack.url_scheme”
to “https” if the “X-Forwarded-Proto” header is set properly and sent
from a trusted address chain.
=== Usage (Unxf#initialize RDoc)
In your Rack config.ru:
use UnXF
If you do not want to trust any hosts other than “0.6.6.6”,
you may only specify one host to trust:
use UnXF, “0.6.6.6”
If you want to trust “0.6.6.6” in addition to the default set of
hosts:
use UnXF, [ :RFC_1918, :LOCALHOST, “0.6.6.6” ]
- UnXF - Un-X-Forward* the Rack environment
- [email protected]
- git://bogomips.org/unxf.git
- UnXF news
Changes:
This release supports IPv6 with the updated rpatricia 0.08
library.