Trusted proxies are configurable #2632

merged 1 commit into from Feb 7, 2012


None yet

8 participants


With this change, the default trusted_proxies pattern can be replaced entirely when configured with a Regexp, or appended to when configured with a String.

This allows developers to create a more specific pattern for their network, preventing local clients from being filtered as proxies.

When configured with a Regexp

HelloWorld::Application.config.action_dispatch.trusted_proxies = /1\.2\.3\.4/

The ActionDispatch::RemoteIp middleware instance (and its RemoteIpGetter) will have the Regexp above assigned to its @trusted_proxies instance variable.


When configured with nil, or not explicitly configured

HelloWorld::Application.config.action_dispatch.trusted_proxies = nil

The default Regexp matching private IP addresses will be assigned to @trusted_proxies.


When configured with a String

HelloWorld::Application.config.action_dispatch.trusted_proxies = ""

The String will be combined with the default Regexp matching private IP addresses and assigned to @trusted_proxies.


Nice fix. It would certainly solve our problems with getting a users IP when the user, proxy and app server are all on the LAN. We've had to fall back to reading X_FORWARDED_FOR directly.

Zequez commented Nov 13, 2011

Very useful, I hope someone merge it soon ^^

arunagw commented Jan 31, 2012

@gsterndale your PR needs a rebase. I think some cod changes is done in the same file.


Thanks @arunagw rebased.

arunagw commented Feb 7, 2012
@josevalim josevalim merged commit 641359e into rails:master Feb 7, 2012

Will this be included in 3.2.2 final?


It would be nice to get this into 3.2.x at some point. I've been monkey-patching this for months. @spastorino can you do anything?


Looks like this never made it in to 3.2.16 even though it was merged to master 2 years ago?! confused

robin850 commented Feb 5, 2014

@courtland @donaldpiret : If you look at the merge commit, you can see just under the message the releases that include it. Moreover, 3.2.x don't receive any new fixes anymore (apart from security ones).


@robin850 Thanks for clarifying, that makes sense!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment