Steps to reproduce
Create a rails app with a page that outputs request.remote_ip. Set your X-Forwarded-For header to a private IP (ex. 10.1.0.1). The IP displayed will not match the X-Forwarded-For header unless it is a non-private IP.
Expected behavior
This should be configurable, I'm sure there are many instances of Rails being run internally as a service (behind a reverse proxy or load balancer). In these instances, all client IPs are being reported incorrectly as the IP of the proxy or load balancer.
Actual behavior
The remote_ip being reported is from the load balancer or proxy.
System configuration
Rails version: 4.x, 5.x
Ruby version:
2.3.x