module ActionHook::Security::IPBlocking
Public Instance Methods
verify_allowed!(configuration, hostname_or_ip)
click to toggle source
# File lib/actionhook/security/ip_blocking.rb, line 21 def verify_allowed!(configuration, hostname_or_ip) return if configuration.allow_all? begin verify_ip_allowed!(configuration, IPAddr.new(hostname_or_ip)) rescue IPAddr::InvalidAddressError verify_hostname_allowed!(configuration, hostname_or_ip) end end
Protected Instance Methods
verify_hostname_allowed!(configuration, hostname)
click to toggle source
# File lib/actionhook/security/ip_blocking.rb, line 47 def verify_hostname_allowed!(configuration, hostname) #TODO: Find out of Resolv looks up all kinds of DNS records and if it can be improved by limiting the DNS record types Resolv.each_address(hostname) do |ip| begin #TODO: Add logging verify_ip_allowed!(configuration, IPAddr.new(ip), hostname) rescue IPAddr::InvalidAddressError #TODO: ADD logging end end end
verify_ip_allowed!(configuration, ip, host = ip)
click to toggle source
# File lib/actionhook/security/ip_blocking.rb, line 34 def verify_ip_allowed!(configuration, ip, host = ip) if !configuration.allow_private_ips && (ip.private? || ip.loopback?) raise PrivateIPError.new("Host: #{host} IP: #{ip} is private") end if configuration.blocked_custom_ip_ranges found = configuration.blocked_custom_ip_ranges.find{|range| range.include?(ip) } if found raise BlockedRequestError.new("Host: #{host} IP: #{ip} is part of the blocked range: #{found}") end end end