class ActionDispatch::RemoteIp
def initialize(app, ip_spoofing_check = true, custom_proxies = nil)
`custom_proxies` parameter. That way, the middleware will ignore those IP
proxy servers after it. If your proxies aren't removed, pass them in via the
the middle (or at the beginning) of the `X-Forwarded-For` list, with your
instead of `TRUSTED_PROXIES`. Any proxy setup will put the value you want in
The `custom_proxies` argument can take an enumerable which will be used
way (like AWS ELB).
WAP devices), or behind proxies that set headers in an incorrect or confusing
It makes sense to turn off this check on sites aimed at non-IP clients (like
raised if it looks like the client is trying to lie about its own IP address.
The `ip_spoofing_check` option is on by default. When on, an exception is
Create a new `RemoteIp` middleware instance.
def initialize(app, ip_spoofing_check = true, custom_proxies = nil) @app = app @check_ip = ip_spoofing_check @proxies = if custom_proxies.blank? TRUSTED_PROXIES elsif custom_proxies.respond_to?(:any?) custom_proxies else raise(ArgumentError, <<~EOM) Setting config.action_dispatch.trusted_proxies to a single value isn't supported. Please set this to an enumerable instead. For example, instead of: config.action_dispatch.trusted_proxies = IPAddr.new("10.0.0.0/8") Wrap the value in an Array: config.action_dispatch.trusted_proxies = [IPAddr.new("10.0.0.0/8")] Note that passing an enumerable will *replace* the default set of trusted proxies. EOM end end