Class: ActionDispatch::RemoteIp::RemoteIpGetter

Inherits:
Object
  • Object
show all
Defined in:
lib/action_dispatch/middleware/remote_ip.rb

Instance Method Summary collapse

Constructor Details

#initialize(env, check_ip_spoofing, trusted_proxies) ⇒ RemoteIpGetter

Returns a new instance of RemoteIpGetter.



6
7
8
9
10
 
# File 'lib/action_dispatch/middleware/remote_ip.rb', line 6

def initialize(env, check_ip_spoofing, trusted_proxies)
  @env = env
  @check_ip_spoofing = check_ip_spoofing
  @trusted_proxies = trusted_proxies
end

Instance Method Details

#remote_addrsObject 



12
13
14
15
16
17
 
# File 'lib/action_dispatch/middleware/remote_ip.rb', line 12

def remote_addrs
  @remote_addrs ||= begin
    list = @env['REMOTE_ADDR'] ? @env['REMOTE_ADDR'].split(/[,\s]+/) : []
    list.reject { |addr| addr =~ @trusted_proxies }
  end
end

#to_sObject 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/action_dispatch/middleware/remote_ip.rb', line 19

def to_s
  return remote_addrs.first if remote_addrs.any?

  forwarded_ips = @env['HTTP_X_FORWARDED_FOR'] ? @env['HTTP_X_FORWARDED_FOR'].strip.split(/[,\s]+/) : []

  if client_ip = @env['HTTP_CLIENT_IP']
    if @check_ip_spoofing && !forwarded_ips.include?(client_ip)
      # We don't know which came from the proxy, and which from the user
      raise IpSpoofAttackError, "IP spoofing attack?!" \
        "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \
        "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}"
    end
    return client_ip
  end

  return forwarded_ips.reject { |ip| ip =~ @trusted_proxies }.last || @env["REMOTE_ADDR"]
end