method

remote_ip

v2.0.3 - Show latest stable - 0 notes - Class: ActionController::AbstractRequest

1.0.0 (0)
1.1.6 (0)
1.2.6 (0)
2.0.3 (2)
2.1.0 (0)
2.2.1 (0)
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0
6.1.3.1
6.1.7.7
7.0.0
7.1.3.2
7.1.3.4
What's this?

remote_ip() public

Determine originating IP address. REMOTE_ADDR is the standard but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR are set by proxies so check for these if REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma- delimited list in the case of multiple chained proxies; the last address which is not trusted is the originating IP.

Show source

# File actionpack/lib/action_controller/request.rb, line 136
    def remote_ip
      if TRUSTED_PROXIES !~ @env['REMOTE_ADDR']
        return @env['REMOTE_ADDR']
      end

      if @env.include? 'HTTP_CLIENT_IP'
        if @env.include? 'HTTP_X_FORWARDED_FOR'
          # We don't know which came from the proxy, and which from the user
          raise ActionControllerError.new("IP spoofing attack?!\nHTTP_CLIENT_IP=\#{@env['HTTP_CLIENT_IP'].inspect}\nHTTP_X_FORWARDED_FOR=\#{@env['HTTP_X_FORWARDED_FOR'].inspect}\n")
        end
        return @env['HTTP_CLIENT_IP']
      end

      if @env.include? 'HTTP_X_FORWARDED_FOR' then
        remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
        while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
          remote_ips.pop
        end

        return remote_ips.last.strip
      end

      @env['REMOTE_ADDR']
    end

remote_ip

Related methods