From 9432163c60fc4387d1dfb11ca7c92a08ce72f1c2 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Fri, 11 Nov 2011 21:22:49 -1000
Subject: refactor RemoteIp middleware

- return the last forwarded IP before REMOTE_ADDR to handle proxies
- remove completely superfluous RemoteIpGetter class
- remove duplication of trusted proxies regexp
- remove unused constant from Request
- move comments from Request to where they are actually relevant
- edit comments for clarity of purpose

The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address.
---
 actionpack/lib/action_dispatch/http/request.rb | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

(limited to 'actionpack/lib/action_dispatch/http/request.rb')

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 7a5237dcf3..69ca050d0c 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -155,24 +155,7 @@ module ActionDispatch
       @ip ||= super
     end
 
-    # Which IP addresses are "trusted proxies" that can be stripped from
-    # the right-hand-side of X-Forwarded-For.
-    #
-    # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces.
-    TRUSTED_PROXIES = %r{
-      ^127\.0\.0\.1$                | # localhost
-      ^(10                          | # private IP 10.x.x.x
-        172\.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255
-        192\.168                      # private IP 192.168.x.x
-       )\.
-    }x
-
-    # Determines originating IP address. REMOTE_ADDR is the standard
-    # but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or
-    # HTTP_X_FORWARDED_FOR are set by proxies so check for these if
-    # REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma-
-    # delimited list in the case of multiple chained proxies; the last
-    # address which is not trusted is the originating IP.
+    # Originating IP address, usually set by the RemoteIp middleware.
     def remote_ip
       @remote_ip ||= (@env["action_dispatch.remote_ip"] || ip).to_s
     end
-- 
cgit v1.2.3