lostisland / faraday

Simple, but flexible HTTP client library, with support for multiple backends.
https://lostisland.github.io/faraday
MIT License

Block private ips (allow_private_ips) #1494

Closed miguel-s-rodrigues closed 1 year ago

miguel-s-rodrigues commented 1 year ago

Basic Info

Issue description

We're trying to implement a way to block requests to private IP addresses. I couldn't find it, but I thought there was an option on the connection (allow_private_ips) that would do this. Can you please point me in the right direction?

iMacTia commented 1 year ago

Hi @miguelrod I'm sorry but to my knowledge, there's such option in Faraday (or in any Ruby http library?).

I'm not really sure about the value in adding this check to Faraday, as you can easily test if the IP you're passing to the connection is private yourself.

I'm closing this for now, but feel free to let me know if you'd like to discuss this further.

miguel-s-rodrigues commented 1 year ago

Hi @iMacTia 👋

Thank you for getting back to me, appreciate the info.

However, the issue here is that we're using your redirect class and, thus, the check for the IP address could be done before following up on a redirect. Otherwise, we can't follow up on your redirects at all... since we need to check the IP address before connecting to it.

iMacTia commented 1 year ago

Ah, I see the issue. Are you using faraday-follow_redirects?

That middleware has a callback option that you can use to check the new URL.
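
One way to write the check discussed in this thread, as an added example that is not part of the thread and not Faraday's or the middleware's own code. The names `BLOCKED_RANGES`, `BlockedDestination`, `blocked_ip?`, `assert_public_destination!` and the `resolver:` parameter are hypothetical; the wiring in the trailing comment assumes faraday-follow_redirects calls `callback` with the old and new env before it follows a redirect.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Added example, not Faraday code. Destinations a server-side client should refuse.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

class BlockedDestination < StandardError; end

def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s).native # ::ffff:10.0.0.1 is treated as 10.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# Raises BlockedDestination unless every address behind +url+ is public.
# +resolver+ is injectable (hypothetical parameter) so the check can run offline.
def assert_public_destination!(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url.to_s)
  raise BlockedDestination, "scheme not allowed: #{uri.scheme.inspect}" unless %w[http https].include?(uri.scheme)
  host = uri.hostname.to_s # hostname strips the [] around IPv6 literals
  raise BlockedDestination, "missing host" if host.empty?
  addresses = begin
    [IPAddr.new(host).to_s]
  rescue IPAddr::Error
    resolver.call(host) # a name, not a literal: check every record it resolves to
  end
  raise BlockedDestination, "#{host} did not resolve" if addresses.empty?
  bad = addresses.find { |a| blocked_ip?(a) }
  raise BlockedDestination, "#{host} resolves to #{bad}" if bad
  addresses
end

# Wiring (assumption: the callback runs before the redirect is followed, so
# raising from it stops the request):
#   conn = Faraday.new do |f|
#     f.response :follow_redirects,
#                callback: ->(_old_env, new_env) { assert_public_destination!(new_env[:url]) }
#   end
```

The first URL passed to the connection needs the same check, since the callback only sees redirect targets. The lookup here is separate from the one the adapter performs when it connects, so a name whose DNS answer changes between the two is not covered by this check alone.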