CloudFlare IP Middleware for Rails to ensure HTTP_CF_CONNECTING_IP is used and the clients IP is correct within Rails

application.rb

module RailsAppName
  class Application < Rails::Application
    # .... your settings
    
    require "#{Rails.root}/lib/cloud_flare_middleware"
    config.middleware.insert_before(0, Rack::CloudFlareMiddleware)
    
    # ... your settings
  end
end

cloudflare-middleware.rb

# CloudFlare masks the true IP
# This middleware ensures the Rails stack obtains the correct IP when using request.remote_ip
# See https://support.cloudflare.com/hc/en-us/articles/200170786

module Rack
  class CloudFlareMiddleware
    def initialize(app)
      @app = app
    end

    def call(env)
      if env['HTTP_CF_CONNECTING_IP']
        env['HTTP_REMOTE_ADDR_BEFORE_CF'] = env['REMOTE_ADDR']
        env['HTTP_X_FORWARDED_FOR_BEFORE_CF'] = env['HTTP_X_FORWARDED_FOR']
        env['REMOTE_ADDR'] = env['HTTP_CF_CONNECTING_IP']
        env['HTTP_X_FORWARDED_FOR'] = env['HTTP_CF_CONNECTING_IP']
      end
      @app.call(env)
    end
  end
end

Thank you! ❤️

Thanks for this!
Btw - there is a typo require "#{Rails.root}/lib/cloud_flare_middleware" should be require "#{Rails.root}/lib/cloudflare-middleware"

I see that we are setting environment variables. If I'm trying to make my code thread-safe to use Puma effectively with multi-threading, I guess this code isn't thread-safe right, because we are mutating the global shared space(for threads). What's the solution in this case? How should I proceed to make it thread-safe?

Good one