With this change, the default trusted_proxies pattern can be replaced entirely when configured with a Regexp, or appended to when configured with a String.
This allows developers to create a more specific pattern for their network, preventing local clients from being filtered as proxies.
When configured with a Regexp
HelloWorld::Application.config.action_dispatch.trusted_proxies = /1\.2\.3\.4/
The ActionDispatch::RemoteIp middleware instance (and its RemoteIpGetter) will have the Regexp above assigned to its @trusted_proxies instance variable.
When configured with nil, or not explicitly configured
HelloWorld::Application.config.action_dispatch.trusted_proxies = nil
The default Regexp matching private IP addresses will be assigned to @trusted_proxies.
When configured with a String
HelloWorld::Application.config.action_dispatch.trusted_proxies = "188.8.131.52"
The String will be combined with the default Regexp matching private IP addresses and assigned to @trusted_proxies.
Nice fix. It would certainly solve our problems with getting a users IP when the user, proxy and app server are all on the LAN. We've had to fall back to reading X_FORWARDED_FOR directly.
Very useful, I hope someone merge it soon ^^
@gsterndale your PR needs a rebase. I think some cod changes is done in the same file.
Trusted proxies is replaced with a Regexp or appended to with a String
Thanks @arunagw rebased.
Will this be included in 3.2.2 final?
It would be nice to get this into 3.2.x at some point. I've been monkey-patching this for months. @spastorino can you do anything?
Looks like this never made it in to 3.2.16 even though it was merged to master 2 years ago?! confused
@courtland @donaldpiret : If you look at the merge commit, you can see just under the message the releases that include it. Moreover, 3.2.x don't receive any new fixes anymore (apart from security ones).
@robin850 Thanks for clarifying, that makes sense!