gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Merge pull request from GHSA-c2r5-cfqr-c553

Browse source 
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
This commit is contained in:
Claire 2024-05-30 14:24:29 +02:00 committed by GitHub
parent 7920aa59e8
commit 8ab0ca7d64
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 73 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
config/application.rb
View file

@ -48,6 +48,7 @@ require_relative '../lib/chewy/strategy/bypass_with_warning'
require_relative '../lib/webpacker/manifest_extensions'
require_relative '../lib/webpacker/helper_extensions'
require_relative '../lib/rails/engine_extensions'
require_relative '../lib/action_dispatch/remote_ip_extensions'
require_relative '../lib/active_record/database_tasks_extensions'
require_relative '../lib/active_record/batches'
require_relative '../lib/simple_navigation/item_extensions'

4
config/initializers/rack_attack.rb
View file

@ -62,10 +62,6 @@ class Rack::Attack
end
end
Rack::Attack.safelist('allow from localhost') do |req|
req.remote_ip == '127.0.0.1' || req.remote_ip == '::1'
end
Rack::Attack.blocklist('deny from blocklist') do |req|
IpBlock.blocked?(req.remote_ip)
end