Skip to content

Configure ActionDispatch::RemoteIp trusted proxies for Amazon CloudFront.

License

Notifications You must be signed in to change notification settings

customink/actionpack-cloudfront

Repository files navigation

Actionpack::Cloudfront

Build Status

Configure Rails' ActionDispatch::RemoteIp to use Amazon CloudFront's IP ranges as trusted proxies.

Installation & Usage

Add this line to your Rails application's Gemfile. No other configuration is needed.

gem 'actionpack-cloudfront'

How It Works

The gem works by making an API call to https://ip-ranges.amazonaws.com/ip-ranges.json, selecting all CLOUDFRONT services and pushing each IP prefix to the following config:

ActionDispatch::Railtie.config.action_dispatch.trusted_proxies

The API request has a timeout of 5 seconds and will only be made when the Rails.env is not test or development. If the timeout is reached, a local backup JSON file is used.

Updating Backup JSON

This uses the jq binary to parse/clean the output.

curl -s "https://ip-ranges.amazonaws.com/ip-ranges.json" | jq . > lib/action_pack/cloudfront/ip-ranges.json

Contributing

We use the Appraisal gem from Thoughtbot to help us test different versions of Rails. The appraisal rake test subcommand runs our test suite against all Rails versions in the Appraisal file. So after cloning the repo, running the following commands.

$ bundle install
$ bundle exec appraisal update
$ bundle exec appraisal rake test

If you want to run the tests for a specific appraisal, use one of the names found in our Appraisal file. For example, the following will run our tests suite for Rails 4.2 only.

$ bundle exec appraisal rails42 rake test

Alternatives

  • cloudfront-rails - Leverages cached HTTP requests to Cloudfront to extend Rails' trusted proxies list thru method patching vs assigning to ActionDispatch's trusted proxies config.

License

The gem is available as open source under the terms of the MIT License.