Class: Rack::RemoteIp
- Inherits:
-
Object
- Object
- Rack::RemoteIp
- Defined in:
- lib/rack/remote_ip.rb
Defined Under Namespace
Classes: GetIp, IpSpoofAttackError
Constant Summary collapse
- TRUSTED_PROXIES =
The default trusted IPs list simply includes IP addresses that are guaranteed by the IP specification to be private addresses. Those will not be the ultimate client IP in production, and so are discarded. See en.wikipedia.org/wiki/Private_network for details.
[ "127.0.0.0/8", # localhost IPv4 range, per RFC-3330 "::1", # localhost IPv6 "fc00::/7", # private IPv6 range fc00::/7 "10.0.0.0/8", # private IPv4 range 10.x.x.x "172.16.0.0/12", # private IPv4 range 172.16.0.0 .. 172.31.255.255 "192.168.0.0/16", # private IPv4 range 192.168.x.x ].map { |proxy| IPAddr.new(proxy) }
Instance Attribute Summary collapse
-
#check_ip ⇒ Object
readonly
Returns the value of attribute check_ip.
-
#proxies ⇒ Object
readonly
Returns the value of attribute proxies.
Instance Method Summary collapse
-
#call(env) ⇒ Object
Since the IP address may not be needed, we store the object here without calculating the IP to keep from slowing down the majority of requests.
-
#initialize(app, skip_ip_spoofing_check: false, custom_proxies: []) ⇒ RemoteIp
constructor
Create a new
RemoteIp
middleware instance.
Constructor Details
#initialize(app, skip_ip_spoofing_check: false, custom_proxies: []) ⇒ RemoteIp
Create a new RemoteIp
middleware instance.
The skip_ip_spoofing_check
option is off by default (so spoofing is enabled). When on, an exception is raised if it looks like the client is trying to lie about its own IP address. It makes sense to turn off this check on sites aimed at non-IP clients (like WAP devices), or behind proxies that set headers in an incorrect or confusing way (like AWS ELB).
The custom_proxies
argument can take an enumerable which will be used instead of TRUSTED_PROXIES
. Any proxy setup will put the value you want in the middle (or at the beginning) of the X-Forwarded-For
list, with your proxy servers after it. If your proxies aren’t removed, pass them in via the custom_proxies
parameter. That way, the middleware will ignore those IP addresses, and return the one that you want.
67 68 69 70 71 |
# File 'lib/rack/remote_ip.rb', line 67 def initialize(app, skip_ip_spoofing_check: false, custom_proxies: []) @app = app @check_ip = !skip_ip_spoofing_check @proxies = TRUSTED_PROXIES + custom_proxies end |
Instance Attribute Details
#check_ip ⇒ Object (readonly)
Returns the value of attribute check_ip.
50 51 52 |
# File 'lib/rack/remote_ip.rb', line 50 def check_ip @check_ip end |
#proxies ⇒ Object (readonly)
Returns the value of attribute proxies.
50 51 52 |
# File 'lib/rack/remote_ip.rb', line 50 def proxies @proxies end |
Instance Method Details
#call(env) ⇒ Object
Since the IP address may not be needed, we store the object here without calculating the IP to keep from slowing down the majority of requests. For those requests that do need to know the IP, the GetIp#calculate_ip method will calculate the memoized client IP address.
77 78 79 80 |
# File 'lib/rack/remote_ip.rb', line 77 def call(env) env["remote_ip"] = GetIp.new(env, self.check_ip, self.proxies) @app.call(env) end |