
remote_ip_proxy_scrubber
A project that makes it as easy as possible to prevent Rails from logging IP addresses that belong to proxy devices in your HTTP request chain.
Because Rails has pretty dramatically changed how these sorts of IPs are filtered over the years, this project's ultimate goal is to make life easy on as many Rails versions as possible.
Let's say you've got proxy servers running outside of the local network where your Rails app is running. In this example, we'll say the IP addresses of these proxy servers are in these IP ranges: 17.0.0.4/30, 17.17.0.8/30
request.remote_ip
Without this gem, calls to request.remote_ip from your Rails app will return the IP addresses of your proxy servers. Adding the code below ensures that request.remote_ip will never return the IP addresses of your proxy servers. Assuming the servers that first process requests from your clients are adding an appropriate X-Forwarded-For header, request.remote_ip will return the real IP address of your clients!
# Add the following to config/application.rb or config/environments/*.rb
config.middleware.insert_before(Rails::Rack::Logger, RemoteIpProxyScrubber.filter_middleware, [
  "17.0.0.4/30",
  "17.17.0.8/30",
])
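To show why the proxy list matters, here is a simplified model of the right-to-left X-Forwarded-For walk. It is an added illustration, not the gem's or Rails' own code; `parse_ip` and `client_ip` are hypothetical helper names, and the client addresses are constructed samples.

```ruby
require "ipaddr"

# Proxy ranges from the example above.
TRUSTED_PROXIES = ["17.0.0.4/30", "17.17.0.8/30"].map { |cidr| IPAddr.new(cidr) }

# Hypothetical helper: parse one hop, returning nil for malformed values so
# that garbage in a client-controlled header is never treated as an address.
def parse_ip(text)
  IPAddr.new(text.to_s.strip)
rescue IPAddr::Error
  nil
end

# Hypothetical helper: pick the client address for a request.
# remote_addr is the direct TCP peer; x_forwarded_for is the raw header value.
def client_ip(remote_addr, x_forwarded_for, proxies = TRUSTED_PROXIES)
  # Each proxy appends the peer it saw, so the chain is oldest-first with the
  # direct peer last.
  hops = x_forwarded_for.to_s.split(",") << remote_addr
  addrs = hops.map { |hop| parse_ip(hop) }.compact
  # Walk from the nearest hop outward and stop at the first address that is
  # not one of our proxies. Anything further left was supplied by that hop
  # and cannot be verified.
  client = addrs.reverse.find { |addr| proxies.none? { |range| range.include?(addr) } }
  client ? client.to_s : remote_addr
end

if __FILE__ == $PROGRAM_NAME
  # Two proxy hops in front of the app: both are skipped.
  puts client_ip("17.0.0.5", "203.0.113.9, 17.17.0.9")
  # The client sent its own X-Forwarded-For value (10.1.2.3); the edge proxy
  # appended the peer it actually saw, and that is the address chosen.
  puts client_ip("17.0.0.6", "10.1.2.3, 198.51.100.7")
  # With no proxy ranges configured, the proxy's own address is reported.
  puts client_ip("17.0.0.5", "203.0.113.9", [])
end
```

Only list ranges you operate: every listed range is skipped during the walk, so an overly broad entry lets a value from the header be reported as the client.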
Oddly enough, even with request.remote_ip returning the correct value, the Rails log will still contain IP addresses from your proxy servers. To fix this, you'll need to tell Rails to use a different logger.
# Add the following to config/application.rb or config/environments/*.rb
config.middleware.insert_before(Rails::Rack::Logger, RemoteIpProxyScrubber.patched_logger)
config.middleware.delete(Rails::Rack::Logger)
If this gem isn't working for you, feel free to open up an Issue, or a Pull Request if you've got a proposed solution! I maintain this project in my spare time, so your patience is appreciated.
Thanks to Haiku Learning for sponsoring the initial development of this gem. We're scratching our own itch, but hopefully it's helpful for you too!
FAQs
We found that remote_ip_proxy_scrubber demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.