From 7e71a007c3de40b5919f48015b51533a5dd9b855 Mon Sep 17 00:00:00 2001
From: effect305
Date: Thu, 21 Apr 2016 11:06:55 +0300
Subject: [PATCH 1/3] proxy and non-heroku ip address capture
---
 app/controllers/users_controller.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index dedf6652b..33fd6da1a 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -67,8 +67,11 @@ def handle_ip
 # Prevent someone from gaming the site by referring themselves.
 # Presumably, users are doing this from the same device so block
 # their ip after their ip appears three times in the database.
+ # Using split.first in case client is behind proxy to get his ip.
+ # If app is deployed on standalone server use request.remote_ip to
+ # get client ip address.

- address = request.env['HTTP_X_FORWARDED_FOR']
+ address = request.env['HTTP_X_FORWARDED_FOR'].try(:split).try(:first) || request.remote_ip
 return if address.nil?

 current_ip = IpAddress.find_by_address(address)
From c3ed6c2b182c387e07ce2eb04727ce9e97b53f0b Mon Sep 17 00:00:00 2001
From: effect305
Date: Thu, 21 Apr 2016 22:21:30 +0300
Subject: [PATCH 2/3] split forwarded ips with comma
---
 app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 33fd6da1a..747d6b6b2 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -71,7 +71,7 @@ def handle_ip
 # If app is deployed on standalone server use request.remote_ip to
 # get client ip address.

- address = request.env['HTTP_X_FORWARDED_FOR'].try(:split).try(:first) || request.remote_ip
+ address = request.env['HTTP_X_FORWARDED_FOR'].try(:split, ', ').try(:first) || request.remote_ip
 return if address.nil?

 current_ip = IpAddress.find_by_address(address)
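Review bot: The new `address` assignment keys the three-strikes referral block on the leftmost `X-Forwarded-For` entry, and that entry is whatever the requester sent, because proxies only append their own hop to the header. `request.remote_ip` already walks the forwarded chain and discards addresses of trusted proxies, so `address = request.remote_ip` on its own, with the deployment's proxies listed in `config.action_dispatch.trusted_proxies`, gives a value the client cannot pick. The two later patches in this series rewrite the same line and keep the leftmost-entry behaviour. handle_ip begins and ends outside this hunk.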
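Review bot: `split(', ')` separates entries only when the comma is followed by exactly one space, so a header written as `a,b` (constructed example) comes back as a single element and the whole string is passed to `IpAddress.find_by_address`. Splitting on the bare comma and trimming is more tolerant: `request.env['HTTP_X_FORWARDED_FOR'].try(:split, ',').try(:first).try(:strip) || request.remote_ip`. A one-line comment stating which proxy format the code expects would also help the next reader. The rest of handle_ip is outside this hunk.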
From 66e4cdfb345a58b070267b0327cc51bf50410177 Mon Sep 17 00:00:00 2001
From: effect305
Date: Fri, 22 Apr 2016 00:50:37 +0300
Subject: [PATCH 3/3] refactored request ip parsing
---
 app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 747d6b6b2..b2de5dc81 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -71,7 +71,7 @@ def handle_ip
 # If app is deployed on standalone server use request.remote_ip to
 # get client ip address.

- address = request.env['HTTP_X_FORWARDED_FOR'].try(:split, ', ').try(:first) || request.remote_ip
+ address = request.env.fetch('HTTP_X_FORWARDED_FOR', request.remote_ip).split(', ').first
 return if address.nil?

 current_ip = IpAddress.find_by_address(address)
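Review bot: `fetch` falls back to `request.remote_ip` only when the header key is absent, so a present but empty `X-Forwarded-For` now evaluates `''.split(', ').first`, which is `nil`, and `return if address.nil?` leaves handle_ip without recording or checking the address. The previous `||` form fell back to `remote_ip` in that case, so this refactor is not behaviour-preserving. If the header has to be read here at all, `address = request.env['HTTP_X_FORWARDED_FOR'].to_s.split(',').first.try(:strip).presence || request.remote_ip` keeps the fallback. handle_ip continues outside this hunk.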