class ActionDispatch::RemoteIp::GetIp
called, this class will calculate the value and then memoize it.
an actual IP address. If the ActionDispatch::Request#remote_ip method is
The GetIp class exists as a way to defer processing of the request data into
def calculate_ip
list of IPs, remove known and trusted proxies, and then take the last address
In order to find the first address that is (probably) accurate, we take the
could also have been set by the client maliciously.
while the first IP in the list is likely to be the "originating" IP, it
Spoofing](https://web.archive.org/web/20170626095448/https://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/),
As discussed in [this post about Rails IP
instead, so we check that too.
contain a list of IPs. Other proxy services set the `Client-Ip` header
an `X-Forwarded-For` header. If there are multiple proxies, that header may
HAProxy or NGINX, the IP address that made the original request will be put in
process, on e.g. Heroku. When the request is proxied by another server like
REMOTE_ADDR will be correct if the request is made directly against the Ruby
be the address of the actual remote client making this request.
Sort through the various IP address headers, looking for the IP most likely to
def calculate_ip # Set by the Rack web server, this is a single value. remote_addr = ips_from(@req.remote_addr).last # Could be a CSV list and/or repeated headers that were concatenated. client_ips = ips_from(@req.client_ip).reverse! forwarded_ips = ips_from(@req.x_forwarded_for).reverse! # `Client-Ip` and `X-Forwarded-For` should not, generally, both be set. If they # are both set, it means that either: # # 1) This request passed through two proxies with incompatible IP header # conventions. # # 2) The client passed one of `Client-Ip` or `X-Forwarded-For` # (whichever the proxy servers weren't using) themselves. # # Either way, there is no way for us to determine which header is the right one # after the fact. Since we have no idea, if we are concerned about IP spoofing # we need to give up and explode. (If you're not concerned about IP spoofing you # can turn the `ip_spoofing_check` option off.) should_check_ip = @check_ip && client_ips.last && forwarded_ips.last if should_check_ip && !forwarded_ips.include?(client_ips.last) # We don't know which came from the proxy, and which from the user raise IpSpoofAttackError, "IP spoofing attack?! " \ "HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \ "HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}" end # We assume these things about the IP headers: # # - X-Forwarded-For will be a list of IPs, one per proxy, or blank # - Client-Ip is propagated from the outermost proxy, or is blank # - REMOTE_ADDR will be the IP that made the request to Rack ips = forwarded_ips + client_ips ips.compact! # If every single IP option is in the trusted list, return the IP that's # furthest away filter_proxies(ips + [remote_addr]).first || ips.last || remote_addr end
def filter_proxies(ips) # :doc:
def filter_proxies(ips) # :doc: ips.reject do |ip| @proxies.any? { |proxy| proxy === ip } end end
def initialize(req, check_ip, proxies)
def initialize(req, check_ip, proxies) @req = req @check_ip = check_ip @proxies = proxies end
def ips_from(header) # :doc:
def ips_from(header) # :doc: return [] unless header # Split the comma-separated list into an array of strings. ips = header.strip.split(/[,\s]+/) ips.select! do |ip| # Only return IPs that are valid according to the IPAddr#new method. range = IPAddr.new(ip).to_range # We want to make sure nobody is sneaking a netmask in. range.begin == range.end rescue ArgumentError nil end ips end
def to_s
Memoizes the value returned by #calculate_ip and returns it for
def to_s @ip ||= calculate_ip end