2 files changed, 4 insertions, 2 deletions

diff --git a/actionpack/lib/action_controller/metal/compatibility.rb b/actionpack/lib/action_controller/metal/compatibility.rb
index 23e7b1b3af..f94d1c669c 100644
--- a/actionpack/lib/action_controller/metal/compatibility.rb
+++ b/actionpack/lib/action_controller/metal/compatibility.rb
@@ -64,6 +64,8 @@ module ActionController
 
       cattr_accessor :ip_spoofing_check
       self.ip_spoofing_check = true
+
+      cattr_accessor :trusted_proxies
     end
 
     # For old tests
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 5f9463eb91..4190fa21cd 100755
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -246,7 +246,7 @@ module ActionDispatch
       remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
 
       unless remote_addr_list.blank?
-        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES || addr =~ ActionController::Base.trusted_proxies}
         return not_trusted_addrs.first unless not_trusted_addrs.empty?
       end
       remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
@@ -265,7 +265,7 @@ EOM
       end
 
       if remote_ips
-        while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
+        while remote_ips.size > 1 && (TRUSTED_PROXIES =~ remote_ips.last.strip || ActionController::Base.trusted_proxies =~ remote_ips.last.strip)
           remote_ips.pop
         end