0

I've created an page in ROR, which will be loaded from some website in an IFRAME. And the page will display to some of the whitelisted servers only.

I want to get public IP of server (which is requesting from IFRAME) so that I can return the content to some of the whitelisted IPs.

I've tried this SO answer but it giver server's PRIVATE IP not PUBLIC IP.

Also checked the request variable but it have client IP(IP of the computer accessing the site) not server's public IP.

Using Ruby v2.1.5. and Rails v3.2

Community
  • 1
  • 1
Radix
  • 2,527
  • 1
  • 19
  • 43

2 Answers2

1

You can not do that. It is not the server which is requesting the content of the IFrame but the client.

Pascal
  • 8,464
  • 1
  • 20
  • 31
0

You could use a hacky way to do so. You could explicitly send server IP along with the response. So when you loaded the page, you could cache the IP and then send it along with the request of the iframe page.

For example, you could generate the request url of the iframe as

//www.yourdomain.com/your/path?request_ip=<IP that you cached earlier>

But its just a hacky way and it will only work if you can control the request URL of the IFrame.

Rohit Jangid
  • 1,077
  • 1
  • 8
  • 19
  • This assumes that he has control over the page that includes the iframe. I assume he does not. – Pascal Mar 18 '16 at 08:23
  • One way or other somehow he must be having a control on the iframe request URL otherwise he is out of luck. – Rohit Jangid Mar 18 '16 at 08:25
  • I have control only over the IFRAME page, which is my ruby code, NOT over the page that includes the IFRAME. – Radix Mar 18 '16 at 08:26
  • Also sending IP in the params is a huge security leak, I guess. – Radix Mar 18 '16 at 08:27
  • @AtulKhanduri Yes it is. But since the request is generated from client, Either you can explicitly send the IP or you could use some kind of encoding. You could checkout [HashID](https://github.com/peterhellberg/hashids.rb) gem to encode and decode the ip. – Rohit Jangid Mar 18 '16 at 08:29
  • Well, it would send a public IP (the one of the server) is well known anyway since somebody requested the page. So not really a risk. But easy to manipulate. In short: you can not find out the IP of the server that served the page that contained your iframe. – Pascal Mar 18 '16 at 08:29
  • @Rohit: he has no control over the page including the iframe. So this won't work. – Pascal Mar 18 '16 at 08:30
  • @pascalbetz Yes. Until he is not able to change the request url of the iframe. This wont work – Rohit Jangid Mar 18 '16 at 08:33