Skip to content

ActionDispatch remote_ip returns wrong client IP when deployed internally behind a load balancer/reverse proxy #28436

@jkuchta

Description

@jkuchta

Steps to reproduce

Create a rails app with a page that outputs request.remote_ip. Set your X-Forwarded-For header to a private IP (ex. 10.1.0.1). The IP displayed will not match the X-Forwarded-For header unless it is a non-private IP.

Expected behavior

This should be configurable, I'm sure there are many instances of Rails being run internally as a service (behind a reverse proxy or load balancer). In these instances, all client IPs are being reported incorrectly as the IP of the proxy or load balancer.

Actual behavior

The remote_ip being reported is from the load balancer or proxy.

System configuration

Rails version: 4.x, 5.x

Ruby version:
2.3.x

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions