rails--rails/actionpack/lib/action_dispatch/middleware/remote_ip.rb

module ActionDispatch
  class RemoteIp
    class IpSpoofAttackError < StandardError ; end

    # IP addresses that are "trusted proxies" that can be stripped from
    # the comma-delimited list in the X-Forwarded-For header. See also:
    # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
    TRUSTED_PROXIES = %r{
      ^127\.0\.0\.1$                | # localhost
      ^(10                          | # private IP 10.x.x.x
        172\.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255
        192\.168                      # private IP 192.168.x.x
       )\.
    }x

    def initialize(app, check_ip_spoofing = true, custom_proxies = nil)
      @app = app
      @check_ip_spoofing = check_ip_spoofing
      if custom_proxies
        custom_regexp = Regexp.new(custom_proxies, "i")
        @trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)
      else
        @trusted_proxies = TRUSTED_PROXIES
      end
    end

    # Determines originating IP address. REMOTE_ADDR is the standard
    # but will be wrong if the user is behind a proxy. Proxies will set
    # HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR, so we prioritize those.
    # HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of
    # multiple chained proxies. The last address which is not a known proxy
    # will be the originating IP.
    def call(env)
      client_ip     = env['HTTP_CLIENT_IP']
      forwarded_ips = ips_from(env, 'HTTP_X_FORWARDED_FOR')
      remote_addrs  = ips_from(env, 'REMOTE_ADDR')

      if client_ip && @check_ip_spoofing && !forwarded_ips.include?(client_ip)
        # We don't know which came from the proxy, and which from the user
        raise IpSpoofAttackError, "IP spoofing attack?!" \
          "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \
          "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"
      end

      remote_ip = client_ip || forwarded_ips.last || remote_addrs.last
      env["action_dispatch.remote_ip"] = remote_ip
      @app.call(env)
    end

  protected

    def ips_from(env, header)
      ips = env[header] ? env[header].strip.split(/[,\s]+/) : []
      ips.reject{|ip| ip =~ @trusted_proxies }
    end

  end
end
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`module ActionDispatch`
			`class RemoteIp`
			`class IpSpoofAttackError < StandardError ; end`

refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`# IP addresses that are "trusted proxies" that can be stripped from`
			`# the comma-delimited list in the X-Forwarded-For header. See also:`
			`# http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces`
			`TRUSTED_PROXIES = %r{`
			`^127\.0\.0\.1$ \| # localhost`
			`^(10 \| # private IP 10.x.x.x`
			`172\.(1[6-9]\|2[0-9]\|3[0-1]) \| # private IP in the range 172.16.0.0 .. 172.31.255.255`
			`192\.168 # private IP 192.168.x.x`
			`)\.`
			`}x`

			`def initialize(app, check_ip_spoofing = true, custom_proxies = nil)`
			`@app = app`
			`@check_ip_spoofing = check_ip_spoofing`
			`if custom_proxies`
			`custom_regexp = Regexp.new(custom_proxies, "i")`
			`@trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)`
			`else`
			`@trusted_proxies = TRUSTED_PROXIES`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`end`
refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`end`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00
refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`# Determines originating IP address. REMOTE_ADDR is the standard`
			`# but will be wrong if the user is behind a proxy. Proxies will set`
			`# HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR, so we prioritize those.`
			`# HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of`
			`# multiple chained proxies. The last address which is not a known proxy`
			`# will be the originating IP.`
			`def call(env)`
			`client_ip = env['HTTP_CLIENT_IP']`
			`forwarded_ips = ips_from(env, 'HTTP_X_FORWARDED_FOR')`
			`remote_addrs = ips_from(env, 'REMOTE_ADDR')`

			`if client_ip && @check_ip_spoofing && !forwarded_ips.include?(client_ip)`
			`# We don't know which came from the proxy, and which from the user`
			`raise IpSpoofAttackError, "IP spoofing attack?!" \`
			`"HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \`
			`"HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`end`

refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`remote_ip = client_ip \|\| forwarded_ips.last \|\| remote_addrs.last`
			`env["action_dispatch.remote_ip"] = remote_ip`
			`@app.call(env)`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`end`

refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`protected`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00
refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00			`def ips_from(env, header)`
			`ips = env[header] ? env[header].strip.split(/[,\s]+/) : []`
			`ips.reject{\|ip\| ip =~ @trusted_proxies }`
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`end`
refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. 2011-11-12 02:22:49 -05:00
Move remote_ip to a middleware: * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies 2010-03-03 19:22:30 -05:00			`end`
			`end`