Cloudflare origin IP and Rack Attack Rails

I have a problem where I seem to be unable to access Cloudflare's header that passes the client origin IP when it proxies requests.

The header should be HTTP_CF_CONNECTING_IP according to Cloudflare's docs and my site is hosted on Heroku.

I have the following Rack Attack setup but even when live in production HTTP_CF_CONNECTING_IP isn't logging at all.

class Rack::Attack
  Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new

  class Request < ::Rack::Request
    def remote_ip
      @remote_ip ||= (env['HTTP_CF_CONNECTING_IP'] || env['action_dispatch.remote_ip'] || ip).to_s
    end
  end

  track('Log all requests') do |req|
    puts req.ip # returns an IP
    puts req.env['action_dispatch.remote_ip'] # returns the same IP as req.ip
    puts req.env['HTTP_CF_CONNECTING_IP'] # doesn't show anything
    req.remote_ip
  end
end

I am using a free version of Cloudflare and wondered if that made any difference, but at the moment it's making it impossible to use Rack Attack, as I seem to just block everyone.

Any help would be much appreciated.

There is 1 best solution below

I faced this throttling-all issue on one of my projects with the exact same configuration, i.e. Heroku, CloudFlare and RackAttack.

The issue was that all the requests were proxied via CloudFlare and hence were reaching the max limit and getting throttled.

I used the same remote_ip method that you posted in the question, but somehow I was able to fetch the remote_ip from env['HTTP_CF_CONNECTING_IP'].

I was on a premium CF plan (though I am not sure if this is helpful). You may refer to this blog, Restoring original visitor IPs, if the problem still persists.

Also, I found this blog really helpful: How to mitigate DDoS using Rack::Attack
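
A sketch of choosing the throttle key behind Cloudflare and a platform router, added here as an example and not taken from the question, the answer or Rack::Attack itself. `throttle_key`, `parse_ip` and `TRUSTED_EDGE_RANGES` are hypothetical names, the edge range and every address are constructed, and it assumes the router appends the connecting peer as the last X-Forwarded-For entry.

```ruby
require 'ipaddr'

# Constructed stand-in (TEST-NET-1) for Cloudflare's published edge ranges;
# a real deployment would load the current list that Cloudflare publishes.
TRUSTED_EDGE_RANGES = [IPAddr.new('192.0.2.0/24')].freeze

# Parse an address string, returning nil for blank or malformed input.
def parse_ip(value)
  text = value.to_s.strip
  text.empty? ? nil : IPAddr.new(text)
rescue ArgumentError
  nil
end

# Hypothetical helper: pick the address a throttle should be keyed on.
# Assumption: the platform router appends the connecting peer as the last
# X-Forwarded-For entry, so that entry is the hop that actually reached us.
def throttle_key(env, trusted = TRUSTED_EDGE_RANGES)
  hops = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
  peer = parse_ip(hops.last || env['REMOTE_ADDR'])
  return env['REMOTE_ADDR'].to_s if peer.nil?

  claimed = parse_ip(env['HTTP_CF_CONNECTING_IP'])
  via_edge = trusted.any? { |range| range.include?(peer) }
  # Use the header only when the request really arrived through the edge;
  # otherwise key on the peer so a client-supplied header cannot pick the bucket.
  via_edge && claimed ? claimed.to_s : peer.to_s
end

# Constructed requests: two visitors behind the same edge node, then a
# request that bypasses the edge but still carries the header.
VISITOR_A = { 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 192.0.2.10',
              'HTTP_CF_CONNECTING_IP' => '203.0.113.7' }.freeze
VISITOR_B = { 'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 192.0.2.10',
              'HTTP_CF_CONNECTING_IP' => '198.51.100.23' }.freeze
DIRECT    = { 'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
              'HTTP_CF_CONNECTING_IP' => '203.0.113.7' }.freeze
NO_HEADER = { 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 192.0.2.10' }.freeze

[VISITOR_A, VISITOR_B, DIRECT, NO_HEADER].each { |env| puts throttle_key(env) }
```

When the header is absent, every visitor behind the same edge node falls into one bucket (the `NO_HEADER` case), which is the "block everyone" symptom described in the question. Inside Rack::Attack the helper would be called as `throttle_key(req.env)` from the throttle block.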