Context
I am working on an application which detects the user's IP address from the request and restricts them from doing certain actions on a page based on the country they are in.
Problem
When a user makes a request to our application via some Web proxy, we are unable to fetch the original IP address of user's device and hence, the country from it. Examples of web proxies can be a website like hide.me, OR a browser extension such as GeoProxy, etc.
I tried to scan the whole request object inside my Rails controller to see if there is any information about the real IP address of user, but my every attempt seems to return the IP address of web proxy instead. See some results (development mode + ngrok) below:
> request.ip
=> "154.48.196.3" # This is IP address of web proxy i used, while my actual IP address is "119.82.x.x"
> request.remote_ip
=> "154.48.196.3"
> request.remote_addr
=> "127.0.0.1"
> request.env
=> {"GATEWAY_INTERFACE"=>"CGI/1.1",
"PATH_INFO"=>"/shops/alinea",
"QUERY_STRING"=>"",
"REMOTE_ADDR"=>"127.0.0.1",
"REMOTE_HOST"=>"localhost",
"REQUEST_METHOD"=>"GET",
"REQUEST_URI"=>"https://86d3f832.ngrok.io/shops/alinea",
"SERVER_NAME"=>"86d3f832.ngrok.io",
"SERVER_PORT"=>"443",
"SERVER_PROTOCOL"=>"HTTP/1.1",
"SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/2.1.10/2016-04-01)",
"HTTP_HOST"=>"86d3f832.ngrok.io",
"HTTP_USER_AGENT"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36",
"HTTP_ACCEPT"=>"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
"HTTP_X_FORWARDED_PROTO"=>"https",
"HTTP_X_FORWARDED_FOR"=>"154.48.196.3",
...}
> request.env['HTTP_X_FORWARDED_FOR']
=> "154.48.196.3"
Can someone guide me on how to generate a foolproof solution that will return me the original IP address of users every time, no matter how they try to access our application?
Best solution should cover as many points from this doc as possible.
Configuration
- Ruby v2.1.3
- Rails v3.2.22.5
