Revision 1927aef0
Added by Paul Kelly over 12 years ago
- ID 1927aef034a0c18e446a75dbfddfbce333d64ad5
| bin/smart-proxy | ||
|---|---|---|
|
end
|
||
|
|
||
|
before do
|
||
|
# If we reach here then the peer is verified and cannot be spoofed
|
||
|
if ssl_options and SETTINGS.trusted_hosts
|
||
|
unless SETTINGS.trusted_hosts.include? request.env["REMOTE_HOST"].downcase
|
||
|
log_halt 403, "Untrusted client #{request.env["REMOTE_HOST"].downcase} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
||
|
end
|
||
|
# If we are using certificates and we reach here then the peer is verified and cannot be spoofed. ALWAYS use certificates OR ELSE!!!
|
||
|
# If we are not using certificates then the hostname can be spoofed but this will still keep out most casual mischief.
|
||
|
if !SETTINGS.trusted_hosts.empty? and !SETTINGS.trusted_hosts.include?(request.env["REMOTE_HOST"].downcase)
|
||
|
log_halt 403, "Untrusted client #{request.env["REMOTE_HOST"].downcase} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
Fixes #1022 - trusted hosts are ignored
Signed-off-by: Paul Kelly <paul.ian.kelly@goo