Make Rack::Request use our trusted proxies when filtering IP addresses (!4958) · Merge requests · GitLab.org / GitLab FOSS

DJ Mountney requested to merge rack-request-trusted-proxies into master Jun 27, 2016

What does this MR do?

This allows us to control the trusted proxies while deployed in a private network.

Are there points in the code the reviewer needs to double check?

If we want to limit what is impacted, we can do this specifically for the rack_attack request object.

Why was this MR needed?

Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connection on you network via private IP ranges.

Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.

What are the relevant issue numbers?

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550

Does this MR meet the acceptance criteria?

CHANGELOG entry added
~~Documentation created/updated~~
~~API support added~~
Tests
- Added for this feature/bug
- All builds are passing
Conform by the style guides
Branch has no merge conflicts with master (if you do - rebase it please)
Squashed related commits together

\cc @stanhu

Admin message