问题描述
我刚刚开始使用CloudFlare,并且仍然存在让CloudFlare的代理IP地址而不是我的访问者地址的问题。 CloudFlare有许多,但我没有看到任何Rails。
我正在使用Rails 3.2.17。
它看起来像是我初始化ActionDispatch :: RemoteIp并将custom_proxies参数设置为包含所有(以及所有标准的本地和私有范围),它可能会解决我的问题。
这是正确的做法吗?
CloudFlare有一大堆IP范围所有这些都需要转换成正则表达式。这些范围可能会在将来发生变化,即使CloudFlare说他们不经常,我可能不知道它看起来有点脆弱。
$ b 2)如何我是否使用custom_proxies参数初始化ActionDispatch :: RemoteIP?
您可以使用,以确保您的Rails应用程序忽略来自像CloudFlare这样的可信代理服务器的IP地址。
首先,将gem添加到您的Gemfile中,然后添加 bundle install
gem'remote_ip_proxy_scrubber'
现在您需要更新的CloudFlare IP地址列表:
使用该CloudFlare IP列表,将以下内容添加到config / application.rb或conifg / e #确保CloudFlare IP地址是
#从X-Forwarded-For头中删除
#在我们的应用程序看到它们之前
config.middleware.insert_before(Rails :: Rack :: Logger,
RemoteIpProxyScrubber.filter_middleware,
%w {
199.27.128.0 / 21
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/ 15
104.16.0.0/12
172.64.0.0/13
})
#确保客户的真实IP地址(remote_ip)
#是在我们的Rails日志中使用。
config.middleware.insert_before(Rails :: Rack :: Logger,RemoteIpProxyScrubber.patched_logger)
config.middleware.delete(Rails :: Rack :: Logger)
到目前为止,跟踪对CloudFlare IP列表的更改对我们公司而言并没有太大问题。
- 作为CloudFlare的客户,我们收到CloudFlare发送的电子邮件,其中包含最新添加的IP地址
- 还有一个IFTTT配方 a>当CloudFlare添加新的IP地址时,您可以使用它来获取电子邮件通知。
I just recently started using CloudFlare and still have the lingering issue of getting CloudFlare's proxy IP addresses instead of my visitor's address. CloudFlare has many solutions for this, but I haven't seen any for Rails.
I'm using Rails 3.2.17.
It looks like if I initialize ActionDispatch::RemoteIp with the custom_proxies argument set to the proper regular expression that contains all of CloudFlare's IP ranges (along with all of the standard local and private ranges), it might solve my issue.
Questions:
1) Is this the right approach?
CloudFlare has a crap ton of IP ranges that all need to be converted to regular expressions. These ranges could change in the future, even though CloudFlare says they don't often, and I'd probably not know so it seems kind of brittle.
2) How do I initialize ActionDispatch::RemoteIP with the custom_proxies argument?
You can use the Rack middleware from the remote_ip_proxy_scrubber gem to make sure your Rails app ignores IP addresses from trusted proxy servers like CloudFlare.
First, add the gem to your Gemfile and then bundle install
gem 'remote_ip_proxy_scrubber'
Now you'll need the updated list of CloudFlare IP addresses: https://www.cloudflare.com/ips-v4
Using that list of CloudFlare IPs, add the following to config/application.rb or conifg/environments/*.rb
# Make sure CloudFlare IP addresses are
# removed from the X-Forwarded-For header
# before our app sees them
config.middleware.insert_before(Rails::Rack::Logger,
RemoteIpProxyScrubber.filter_middleware,
%w{
199.27.128.0/21
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
})
# Make sure the customer's real IP address (remote_ip)
# is used in our Rails logs.
config.middleware.insert_before(Rails::Rack::Logger, RemoteIpProxyScrubber.patched_logger)
config.middleware.delete(Rails::Rack::Logger)
Tracking changes to the list of CloudFlare IPs hasn't been too problematic for our company thus far.
- As a CloudFlare customer, we received an email from CloudFlare before their most recent addition IP addresses
- There's also an IFTTT recipe you can use to get an email notification when CloudFlare adds new IP addresses.
这篇关于使用CloudFlare,Heroku和RoR时,如何设置真实IP地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!