Determines originating IP address. REMOTE_ADDR is the standard but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR are set by proxies so check for these if REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma- delimited list in the case of multiple chained proxies; the last address which is not trusted is the originating IP.
# File actionpack/lib/action_dispatch/http/request.rb, line 180 def remote_ip @remote_ip ||= (@env["action_dispatch.remote_ip"] || ip).to_s end