For mail to arrive in the right recipient's mailbox, the exact address, including country, city, zip code, and street must be specified. This way, the post office and its employees know where the mail should be sent and how to route it. The same is true on the Internet: any device connected requires an address to communicate with other devices. This address is known as the IP address.
Thus all visitors who visit your website are identified by their IP address, which is mandatory for the exchange of data, but can also serve several other purposes.
Web servers automatically record the activity of your visitors by identifying them by their IP address. These activities can be found in the server's log files, which are extremely useful to understand their behavior on your site and to optimize its structure and the content of your pages.
But IP addresses also make it possible to identify with some precision the geographical position of your visitors. This is called geolocation.
What if most of your visitors are coming from a non-English speaking country while your site is entirely in English? Geolocation allows you to detect such a situation and know which country your visitors are coming from. With such information, you can decide to translate your site, offer these visitors content in their language, or review your linking profile and improve your SEO to get better natural traffic.
The most obvious solution is to call request.ip, which returns the client's IP address. However, when you deploy your application in production and depending on your host's infrastructure, you may get an incorrect result.
For example, if your website is behind a reverse proxy, every call to request.ip will return the proxy's IP address, not the visitor's.
Luckily the request object provides another interesting method: remote_ip. It has to be understood that, even if request is an ActionDispatch::Request object, its method remote_ip is actually a proxy for the ActionDispatch::RemoteIp middleware.
request.remote_ip checks all IPs present in the HTTP header, looking for fields generally used by firewalls, load balancers, or proxies, such as HTTP_X_FORWARDED_FOR, and make a guess to return what seems to be the correct visitor's IP address.
You should use request.remote_ip only if you are behind a proxy or a firewall, or you would be vulnerable to IP spoofing attacks: as request.remote_ip checks for fields in the HTTP header that proxies usually set, and if you are not behind a proxy, then anyone could manually set a false IP address in the headers. Doing so is as simple as this:
So before choosing between request.ip and request.remote_ip to get your visitors' IP addresses, you need to know a little about your host infrastructure. You could eventually analyze the HTTP headers when a request reaches your application to understand from which header you can get the real IP address.
As mentioned above, your visitors' IP address can be used to understand better your audience's demographics, which you can analyze to gain huge advantages in marketing and content targeting.
The less costly approach is to call an external API to translate your visitor's IP addresses to their physical location. Abstract IP Geolocation API provide GPS coordinates, country, city, timezone, and a visitor's currency from its IP address with a simple GET request.
After creating a free account, you obtain your personal API key and can start fetching information. Here is an example of implementation:
Here is an example of a response: