I just recently started using CloudFlare and still have the lingering issue of getting CloudFlare's proxy IP addresses instead of my visitor's address. CloudFlare has many solutions for this, but I haven't seen any for Rails.
I'm using Rails 3.2.17.
It looks like if I initialize ActionDispatch::RemoteIp with the custom_proxies argument set to the proper regular expression that contains all of CloudFlare's IP ranges (along with all of the standard local and private ranges), it might solve my issue.
Questions:
1) Is this the right approach?
CloudFlare has a crap ton of IP ranges that all need to be converted to regular expressions. These ranges could change in the future, even though CloudFlare says they don't often, and I'd probably not know so it seems kind of brittle.
2) How do I initialize ActionDispatch::RemoteIP with the custom_proxies argument?
Some ISP customers, such as large enterprises, will pay to maintain a static IP address (for example, Cloudflare's 1.1.1.1). However, for most users, having a dynamic IP address is sufficient. When hosting a web server, such as a self-hosted website, API or gaming server, a dynamic IP address can create problems.
Static IP addresses: Cloudflare sets static IP addresses for your domain. For more details, contact your account team.
Using CloudFlare doesn't change your server IP address. If you're doing lookups against the domain, however, our IPs are going to show because we act as a reverse proxy for your site (doing a dig, ping, traceroute, etc. to the domain will show our IPs).
Go to Censys search and simply enter the domain name you want to find the details about. You will instantly be able to see the true host along with the real IP address of the website. So, that's how you can find out the IP address of a website that uses Cloudflare services.
You can use the Rack middleware from the remote_ip_proxy_scrubber gem to make sure your Rails app ignores IP addresses from trusted proxy servers like CloudFlare.
First, add the gem to your Gemfile and then bundle install
    gem 'remote_ip_proxy_scrubber'
Now you'll need the updated list of CloudFlare IP addresses: https://www.cloudflare.com/ips-v4
Using that list of CloudFlare IPs, add the following to config/application.rb or config/environments/*.rb
    # Make sure CloudFlare IP addresses are
    # removed from the X-Forwarded-For header
    # before our app sees them
    config.middleware.insert_before(Rails::Rack::Logger,
                                    RemoteIpProxyScrubber.filter_middleware,
                                    %w{
                                      199.27.128.0/21
                                      173.245.48.0/20
                                      103.21.244.0/22
                                      103.22.200.0/22
                                      103.31.4.0/22
                                      141.101.64.0/18
                                      108.162.192.0/18
                                      190.93.240.0/20
                                      188.114.96.0/20
                                      197.234.240.0/22
                                      198.41.128.0/17
                                      162.158.0.0/15
                                      104.16.0.0/12
                                      172.64.0.0/13
                                    })

    # Make sure the customer's real IP address (remote_ip)
    # is used in our Rails logs.
    config.middleware.insert_before(Rails::Rack::Logger, RemoteIpProxyScrubber.patched_logger)
    config.middleware.delete(Rails::Rack::Logger)
Tracking changes to the list of CloudFlare IPs hasn't been too problematic for our company thus far.
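The following is an added example, not part of the answer above and not the gem's own code. It shows the rule that trusted-proxy scrubbing depends on: X-Forwarded-For is honoured only when the direct peer is a trusted proxy, and the client is the first untrusted hop counted from the right, so a forged leftmost entry has no effect. The names `parse_hop`, `trusted_proxy?` and `client_ip` are hypothetical, and the range list is a constructed subset of the list above plus loopback and one private range.

```ruby
require 'ipaddr'

# Constructed subset of the ranges listed above, plus loopback and one
# private range; a real deployment loads the full, current list.
TRUSTED_PROXIES = %w[
  127.0.0.0/8 10.0.0.0/8
  173.245.48.0/20 103.21.244.0/22 141.101.64.0/18 104.16.0.0/12
].map { |cidr| IPAddr.new(cidr) }.freeze

# Parse one hop; returns nil unless it is a single, well-formed address.
def parse_hop(text)
  return nil if text.nil? || text.empty? || text.include?('/')
  IPAddr.new(text)
rescue ArgumentError
  nil
end

def trusted_proxy?(ip)
  TRUSTED_PROXIES.any? { |range| range.include?(ip) }
end

# peer_ip:       address of the TCP connection (REMOTE_ADDR)
# forwarded_for: raw X-Forwarded-For header value, or nil
def client_ip(peer_ip, forwarded_for)
  peer = parse_hop(peer_ip)
  # The header is client-controlled unless the direct peer is a trusted proxy.
  return peer_ip unless peer && trusted_proxy?(peer)

  # Walk from the hop nearest to us; the first untrusted hop is the client.
  forwarded_for.to_s.split(',').map(&:strip).reverse_each do |hop|
    ip = parse_hop(hop)
    return peer_ip if ip.nil? # malformed hop: fall back to the peer
    return ip.to_s unless trusted_proxy?(ip)
  end
  peer_ip # header empty or made up only of trusted proxies
end
```

If the origin server accepts connections only from the trusted ranges, the second case in the rule (an untrusted direct peer supplying its own header) never reaches the application at all.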