class ActionDispatch::RemoteIp::RemoteIpGetter
def initialize(env, check_ip_spoofing, trusted_proxies)
def initialize(env, check_ip_spoofing, trusted_proxies) @env = env @check_ip_spoofing = check_ip_spoofing @trusted_proxies = trusted_proxies end
def remote_addrs
def remote_addrs @remote_addrs ||= begin list = @env['REMOTE_ADDR'] ? @env['REMOTE_ADDR'].split(/[,\s]+/) : [] list.reject { |addr| addr =~ @trusted_proxies } end end
def to_s
def to_s return remote_addrs.first if remote_addrs.any? forwarded_ips = @env['HTTP_X_FORWARDED_FOR'] ? @env['HTTP_X_FORWARDED_FOR'].strip.split(/[,\s]+/) : [] if client_ip = @env['HTTP_CLIENT_IP'] if @check_ip_spoofing && !forwarded_ips.include?(client_ip) # We don't know which came from the proxy, and which from the user raise IpSpoofAttackError, "IP spoofing attack?!" \ "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \ "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end return client_ip end return forwarded_ips.reject { |ip| ip =~ @trusted_proxies }.last || @env["REMOTE_ADDR"] end