Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

request.remote_ip appears to return the wrong IP address #7979

Closed
indirect opened this issue Oct 17, 2012 · 3 comments · Fixed by #33489 or #7980
Closed

request.remote_ip appears to return the wrong IP address #7979

indirect opened this issue Oct 17, 2012 · 3 comments · Fixed by #33489 or #7980
Labels
actionpack

Comments

@indirect
Copy link
Member

The last commit to the remote IP middleware appears to have deliberately reversed the algorithm that picks the remote IP out of a list of proxies. Unfortunately, the previous algorithm (which I wrote, and used in production with a few hundred thousand clients :P) is the one that agrees with the written spec for how X-Forwarded-For is supposed to work.

tl;dr plz to revert that part of the commit, I would like to be able to upgrade Rails and still have remote_ip return the right IP address.
@steveklabnik steveklabnik mentioned this issue Oct 18, 2012
Merged
steveklabnik added a commit to steveklabnik/rails that referenced this issue Nov 17, 2012
@steveklabnik
Restore original remote_ip algorithm.
cc8556e 
We incorrectly were using the first address, rather than the last one.

Added config option for X_FORWARDED_FOR header

We don't need to filter values from X_FORWARDED_FOR header.
Client IP can be only first IP in list by specification and only last
for ruby servers and Apache. We should return nil if it's proxy IP or
invalid IP instead of client IP.

Fixes rails#7979
@whitecat
Copy link

This is still an issue. From stack overflow posts: https://stackoverflow.com/questions/5636032/request-remote-ip-returns-wrong-ip
https://stackoverflow.com/questions/4465476/rails-get-client-ip-address
https://stackoverflow.com/questions/19317255/rails-how-to-obtain-visitors-ip-address
https://stackoverflow.com/questions/1226959/how-to-get-client-ip-and-server-ip-using-rails

All of these questions point to using request.remote_ip. But that returns an incorrect IP address sometimes. I use the following code to get a correct IP address.

    begin
      response = open('https://jsonip.com/').read
      data = JSON.parse(response)
      ip_address = data['ip']
    rescue
      ip_address = request.remote_ip
    end

Is there any possibility to fix this in a future release?

@rohitpbhore
Copy link

rohitpbhore commented Jul 31, 2018
edited

Please check if this can help. Modify/override remote_ip.
https://stackoverflow.com/questions/20124292/how-to-log-real-client-ip-in-rails-log-when-behind-proxy-like-nginx#51440551

@sikachu
Copy link
Member

sikachu commented Jul 31, 2018

Looks like #24521 is to fix this issue? Will any of you be willing to move that PR forward?

@Atul9 Atul9 mentioned this issue Jul 31, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actionpack
Projects
None yet
Milestone
No milestone
5 participants
@indirect @sikachu @whitecat @guilleiguaran @rohitpbhore