Low commit activity in last 3 years
A long-lived project that still receives updates
Restrict the IP addresses Faraday will connect to
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

> 1.0, < 3.0
 Project Readme

Faraday::RestrictIPAddresses

Prevent Faraday from hitting an arbitrary list of IP addresses, with helpers for RFC 1918 networks, RFC 6890 networks, and localhost.

System DNS facilities are used, so lookups should be cached instead of making another request. Addresses are invalid if a host has has at least one invalid DNS entry.

Usage

faraday = Faraday.new do |builder|
  builder.request :url_encoded
  builder.request :restrict_ip_addresses, deny_rfc6890: true,
                                          allow_localhost: true,
                                          deny: ['8.0.0.0/8',
                                                 '224.0.0.0/7'],
                                          allow: ['192.168.0.0/24']
  builder.adapter Faraday.default_adapter
end

faraday.get 'http://www.badgerbadgerbadger.com' # 150.0.0.150 or something
# => cool

faraday.get 'http://malicious-callback.com'      # 172.0.0.150, maybe a secret internal server? Maybe not?
# => raises Faraday::RestrictIPAddresses::AddressNotAllowed

Permit/denied order is:

  • All addresses are allowed, except
  • Addresses that are denied, except
  • Addresses that are allowed.

Author

Dat @bhuga with shoutouts to @mastahyeti's gist.

UNLICENSE

It's right there.