module ActionHook::Security::IPBlocking

Public Instance Methods

verify_allowed!(configuration, hostname_or_ip)
# File lib/actionhook/security/ip_blocking.rb, line 21
# Entry point of the destination check: decides whether a request to
# +hostname_or_ip+ may go out under +configuration+.
#
# Nothing is checked when configuration.allow_all? is truthy. Otherwise the
# argument is first tried as an IP literal and handed to verify_ip_allowed!;
# when IPAddr rejects it with InvalidAddressError it is treated as a hostname
# and handed to verify_hostname_allowed!.
#
# Returns without raising when the destination is accepted; the errors raised
# by verify_ip_allowed! propagate to the caller.
#
# NOTE(review): only IPAddr::InvalidAddressError selects the hostname path.
# Any other parsing error raised by IPAddr.new (for example on a non-String
# argument) propagates as-is - confirm callers always pass a String.
def verify_allowed!(configuration, hostname_or_ip)
  unless configuration.allow_all?
    begin
      literal = IPAddr.new(hostname_or_ip)
      verify_ip_allowed!(configuration, literal)
    rescue IPAddr::InvalidAddressError
      # Not an IP literal: resolve it and check every address it maps to.
      verify_hostname_allowed!(configuration, hostname_or_ip)
    end
  end
end

Protected Instance Methods

verify_hostname_allowed!(configuration, hostname)
# File lib/actionhook/security/ip_blocking.rb, line 47
# Resolves +hostname+ with Resolv and runs every address it yields through
# verify_ip_allowed!, passing the hostname along so error messages can name it.
# The first address that verify_ip_allowed! rejects aborts the iteration by
# raising.
#
# NOTE(review): two paths here fail open. An address that IPAddr cannot parse
# is skipped silently, and a name for which Resolv yields no address is never
# checked at all, so the method returns as if the host were allowed. If the
# HTTP client resolves names through a different resolver than Resolv, the two
# can disagree - consider rejecting the request when nothing was verified.
#
# NOTE(review): nothing in this method pins the verified address. Unless the
# caller connects to the IP that was checked here, a second lookup at connect
# time may return a different address (DNS rebinding) - confirm at the call
# site.
#
# TODO: Find out whether Resolv looks up all kinds of DNS records and whether
# this can be improved by limiting the DNS record types.
def verify_hostname_allowed!(configuration, hostname)
  Resolv.each_address(hostname) do |address|
    # TODO: Add logging
    verify_ip_allowed!(configuration, IPAddr.new(address), hostname)
  rescue IPAddr::InvalidAddressError
    # TODO: Add logging - an unparsable address is currently ignored.
  end
end
verify_ip_allowed!(configuration, ip, host = ip)
# File lib/actionhook/security/ip_blocking.rb, line 34
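# Checks a single resolved address against the blocking rules in
# +configuration+.
#
# configuration - responds to allow_private_ips and blocked_custom_ip_ranges
# ip            - the IPAddr to check
# host          - name used in error messages; defaults to the address itself
#
# Raises PrivateIPError when private addresses are not allowed and +ip+ is
# private, loopback or link-local. Raises BlockedRequestError when +ip+ falls
# inside one of the configured blocked ranges. Returns nil otherwise.
def verify_ip_allowed!(configuration, ip, host = ip)
  # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) reaches the same host as the
  # embedded IPv4 address, but some ipaddr versions do not classify the mapped
  # form as private/loopback. Run the checks on the embedded address.
  effective = ip.ipv4_mapped? ? ip.native : ip

  # Link-local space (169.254.0.0/16, fe80::/10) is internal as well - it is
  # where cloud instance-metadata services usually live - so it is refused
  # together with private and loopback addresses.
  # NOTE(review): the unspecified address (0.0.0.0 / ::) is not covered by
  # these predicates; add it to blocked_custom_ip_ranges if it must be refused.
  internal = effective.private? || effective.loopback? || effective.link_local?
  if !configuration.allow_private_ips && internal
    raise PrivateIPError.new("Host: #{host} IP: #{ip} is private")
  end

  ranges = configuration.blocked_custom_ip_ranges
  return unless ranges

  # Test both forms so that a range written as IPv4 still matches a mapped
  # address and a range written in IPv6 still matches the original one.
  found = ranges.find { |range| range.include?(effective) || range.include?(ip) }
  if found
    raise BlockedRequestError.new("Host: #{host} IP: #{ip} is part of the blocked range: #{found}")
  end
end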