How should I set the real IP address when using Cl

Posted 2019-05-07 16:35

I just recently started using CloudFlare and still have the lingering issue of getting CloudFlare's proxy IP addresses instead of my visitor's address. CloudFlare has many solutions for this, but I haven't seen any for Rails.

I'm using Rails 3.2.17.

It looks like if I initialize ActionDispatch::RemoteIp with the custom_proxies argument set to the proper regular expression that contains all of CloudFlare's IP ranges (along with all of the standard local and private ranges), it might solve my issue.

Questions:

1) Is this the right approach?

CloudFlare has a crap ton of IP ranges that all need to be converted to regular expressions. These ranges could change in the future, even though CloudFlare says they don't often, and I'd probably not know so it seems kind of brittle.

2) How do I initialize ActionDispatch::RemoteIp with the custom_proxies argument?

3 answers
倾城 Initia
#2 · 2019-05-07 17:15

You can use the Rack middleware from the remote_ip_proxy_scrubber gem to make sure your Rails app ignores IP addresses from trusted proxy servers like CloudFlare.

First, add the gem to your Gemfile and then bundle install

gem 'remote_ip_proxy_scrubber'

Now you'll need the updated list of CloudFlare IP addresses: https://www.cloudflare.com/ips-v4

Using that list of CloudFlare IPs, add the following to config/application.rb or config/environments/*.rb:

# Make sure CloudFlare IP addresses are
# removed from the X-Forwarded-For header
# before our app sees them
config.middleware.insert_before(Rails::Rack::Logger,
   RemoteIpProxyScrubber.filter_middleware, 
   %w{
     199.27.128.0/21
     173.245.48.0/20
     103.21.244.0/22
     103.22.200.0/22
     103.31.4.0/22
     141.101.64.0/18
     108.162.192.0/18
     190.93.240.0/20
     188.114.96.0/20
     197.234.240.0/22
     198.41.128.0/17
     162.158.0.0/15
     104.16.0.0/12
     172.64.0.0/13
  })

# Make sure the customer's real IP address (remote_ip)
# is used in our Rails logs.
config.middleware.insert_before(Rails::Rack::Logger, RemoteIpProxyScrubber.patched_logger)
config.middleware.delete(Rails::Rack::Logger)

Tracking changes to the list of CloudFlare IPs hasn't been too problematic for our company thus far.

  1. As a CloudFlare customer, we received an email from CloudFlare before their most recent addition of IP addresses.
  2. There's also an IFTTT recipe you can use to get an email notification when CloudFlare adds new IP addresses.
啃猪蹄的小仙女
#3 · 2019-05-07 17:21

Since Cloudflare abides by best practices, and uses the X-Forwarded-For HTTP header, you just need to make sure to use it properly.

Specifically for Rails, this has already been asked several times, such as "What's the difference between request.remote_ip and request.ip in Rails?"

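The two answers above come down to the same rule: read X-Forwarded-For from right to left and discard hops that belong to trusted proxies. The following is an added example, not code from either answer, from Rails or from the remote_ip_proxy_scrubber gem; it matches CIDR ranges with Ruby's IPAddr instead of regular expressions. The helper names (`client_ip`, `parse_ip`, `trusted?`) are hypothetical, the range list is a subset of the one posted above, and the sample addresses are constructed.

```ruby
require 'ipaddr'

# Loopback and private ranges plus a subset of the CloudFlare ranges listed in
# the answer above; refresh the full list from https://www.cloudflare.com/ips-v4
TRUSTED_PROXIES = %w[
  127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  173.245.48.0/20 141.101.64.0/18 108.162.192.0/18 162.158.0.0/15
].map { |cidr| IPAddr.new(cidr) }.freeze

# Parse one bare address; anything else (empty, hostname, CIDR) is rejected.
def parse_ip(text)
  text = text.to_s.strip
  return nil if text.empty? || text.include?('/')
  IPAddr.new(text)
rescue ArgumentError # IPAddr's own errors subclass ArgumentError
  nil
end

def trusted?(ip, nets)
  nets.any? { |net| net.family == ip.family && net.include?(ip) }
end

# Hypothetical helper: returns the client address as a String.
def client_ip(remote_addr, x_forwarded_for, nets = TRUSTED_PROXIES)
  peer = parse_ip(remote_addr)
  # The header only means something when the TCP peer is one of our proxies.
  return remote_addr unless peer && trusted?(peer, nets)

  # Each proxy appends the address it saw, so read right to left and stop at
  # the first hop that is not ours. Entries left of it are client-supplied.
  x_forwarded_for.to_s.split(',').reverse_each do |hop|
    ip = parse_ip(hop)
    return remote_addr if ip.nil? # malformed hop: fall back to the peer
    return ip.to_s unless trusted?(ip, nets)
  end
  remote_addr # header empty or made up only of trusted proxies
end

# Constructed samples (documentation ranges stand in for real visitors).
if __FILE__ == $PROGRAM_NAME
  puts client_ip('173.245.48.10', '203.0.113.7')
  puts client_ip('173.245.48.10', '198.51.100.99, 203.0.113.7')
  puts client_ip('203.0.113.50', '198.51.100.99')
end
```

Falling back to the peer address on a malformed hop is a choice made for this example; the point is that nothing to the left of the first untrusted or unparseable entry is ever believed.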
手持菜刀,她持情操
#4 · 2019-05-07 17:33

"These ranges could change in the future, even though CloudFlare says they don't often,"

The more likely thing is that we would add new ranges to our existing ranges (we also don't use new IPs for quite some time so that people can adjust to the new ranges).

"Since Cloudflare abides by best practices, and uses the X-Forwarded-For HTTP header, you just need to make sure to use it properly."

This is also correct :)
