This gem correctly configures Rails for CloudFlare so that request.ip and request.remote_ip both work correctly.
For Rails 5, use >=
For Rails 4.2, use
Add this line to your application's
    group :production do
      # or :staging or :beta or whatever environments you are using cloudflare in.
      # you probably don't want this for :test or :development
      gem 'cloudflare-rails'
    end
And then execute:
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a CF-Connecting-IP header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
cloudflare-rails mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming X-Forwarded-For header is trusted and used as the ip address provided to request.remote_ip. If the incoming connection does not originate from a Cloudflare server then the X-Forwarded-For header is ignored and the actual remote ip address is used.
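The check described above, written out as an added Ruby example (not the gem's own code). client_ip and TRUSTED_PROXIES are hypothetical names, the ranges are constructed stand-ins for Cloudflare's published lists, and taking the right-most untrusted X-Forwarded-For hop is an assumption about how the header is walked.

```ruby
require 'ipaddr'

# Constructed stand-ins (documentation prefixes), NOT Cloudflare's real ranges.
TRUSTED_PROXIES = %w[198.51.100.0/24 2001:db8:cf::/48].map { |cidr| IPAddr.new(cidr) }

# Parse a string into an IPAddr, returning nil for blank or malformed input.
def parse_ip(str)
  s = str.to_s.strip
  return nil if s.empty?
  IPAddr.new(s)
rescue IPAddr::Error
  nil
end

# True when the address falls inside one of the trusted proxy ranges.
def trusted_proxy?(ip, proxies = TRUSTED_PROXIES)
  proxies.any? { |range| range.include?(ip) }
end

# Hypothetical helper: decide which address to treat as the client.
#   remote_addr     - peer address of the TCP connection (cannot be set by a header)
#   x_forwarded_for - raw X-Forwarded-For header value, or nil
def client_ip(remote_addr, x_forwarded_for, proxies = TRUSTED_PROXIES)
  peer = parse_ip(remote_addr)
  return remote_addr if peer.nil?

  # Connection did not come from a trusted proxy: the header is
  # attacker-controlled, so ignore it and use the real peer address.
  return peer.to_s unless trusted_proxy?(peer, proxies)

  # Connection came from a trusted proxy: walk the header right to left and
  # take the first hop that is not itself a trusted proxy. Values further
  # left may have been supplied by the client and are not trusted.
  hops = x_forwarded_for.to_s.split(',').map { |h| parse_ip(h) }.compact
  client = hops.reverse.find { |ip| !trusted_proxy?(ip, proxies) }
  (client || peer).to_s
end
```
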
This code will fetch CloudFlare's current IPv4 and IPv6 lists, store them in
Rails.cache, and add them to
X-Forwarded-For header will then be trusted only from those ip addresses.
You can configure the HTTP timeout and expires_in cache parameters inside of your rails config:
    config.cloudflare.expires_in = 12.hours # default value
    config.cloudflare.timeout = 5.seconds # default value
actionpack-cloudflare simpler approach using the
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/modosc/cloudflare-rails.