| | | |
|---|---|---|
| author | Andre Arko <andre@arko.net> | 2013-01-02 15:21:13 -0800 |
| committer | Andre Arko <andre@arko.net> | 2013-01-02 15:26:27 -0800 |
| commit | 75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8 (patch) | |
| tree | 255a7267c3679a0d8f4ec7ffdb01505858819448 /Rakefile | |
| parent | 9f200fb296da721d50af53712d1e7998a5140e76 (diff) | |
| download | rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.tar.gz rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.tar.bz2 rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.zip | |
Restore original remote_ip algorithm.
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
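The algorithm the commit message describes, written out as an added example (this is not Rails' own `remote_ip` implementation): the `X-Forwarded-For` list is taken in the order the proxies built it, the peer that actually connected (`REMOTE_ADDR`) is appended, every address in a trusted-proxy list is removed, and the last surviving value wins. The trusted-proxy ranges (loopback plus RFC 1918), the `parse_ip` / `trusted_proxy?` helpers and the `naive_remote_ip` contrast function are assumptions made here for illustration, and the `env` hashes are constructed sample requests, not captured traffic.

```ruby
require "ipaddr"

# Assumed trusted-proxy list for this example: loopback plus the RFC 1918 ranges.
# Rails' real list is configurable; these ranges are chosen here only for illustration.
TRUSTED_PROXIES = %w[127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
                    .map { |range| IPAddr.new(range) }

# Parse one header value. Anything that is not a syntactically valid IP is dropped
# rather than used, since a client can put arbitrary text into X-Forwarded-For.
def parse_ip(value)
  text = value.to_s.strip
  return nil if text.empty?
  IPAddr.new(text)
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
  nil
end

def trusted_proxy?(addr)
  TRUSTED_PROXIES.any? { |range| range.include?(addr) }
end

# The algorithm from the commit message: X-Forwarded-For as the proxies built it
# (client-supplied values first, then each hop's peer appended by the next proxy),
# followed by REMOTE_ADDR, with every trusted proxy address removed; the LAST value
# that survives is the one most recently written by a proxy we trust rather than
# by the client, so it is the one taken.
def remote_ip(env)
  chain = env["HTTP_X_FORWARDED_FOR"].to_s.split(",")
  chain << env["REMOTE_ADDR"]
  candidates = chain.map { |v| parse_ip(v) }.compact.reject { |a| trusted_proxy?(a) }
  # Every entry was a trusted proxy: fall back to the peer that connected.
  (candidates.last || parse_ip(env["REMOTE_ADDR"])).to_s
end

# The spoofable alternative for contrast: trusting the FIRST X-Forwarded-For value,
# which is whatever the client chose to send before any proxy touched the header.
def naive_remote_ip(env)
  first = env["HTTP_X_FORWARDED_FOR"].to_s.split(",").first
  (first || env["REMOTE_ADDR"]).to_s.strip
end

# Constructed sample request: the client forged "X-Forwarded-For: 6.6.6.6", the
# trusted proxy at 10.0.0.5 appended the client's real address 203.0.113.7 and
# then opened the connection to the app server itself.
SPOOFED_ENV = {
  "HTTP_X_FORWARDED_FOR" => "6.6.6.6, 203.0.113.7",
  "REMOTE_ADDR"          => "10.0.0.5",
}

if __FILE__ == $0
  puts "last untrusted value: #{remote_ip(SPOOFED_ENV)}"       # 203.0.113.7
  puts "first value (naive):  #{naive_remote_ip(SPOOFED_ENV)}" # 6.6.6.6, the forged one
end
```

The check a practitioner should keep in mind is the one the commit message itself hedges on ("most likely to be the correct, unfaked value"): the rightmost untrusted entry is only reliable if every proxy in front of the application is in the trusted list. A proxy that is missing from that list shows up as the "client", and a trusted range that happens to cover real clients lets them be stripped out, so the list has to match the deployment exactly.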
Diffstat (limited to 'Rakefile')
0 files changed, 0 insertions, 0 deletions