UnXF - Un-X-Forward* the Rack environment

Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and replace "REMOTE_ADDR" with the value of the original client address.

This uses the "rpatricia" RubyGem to filter out spoofed requests from clients outside your LAN. The list of trusted address defaults to private LAN addresses defined RFC 1918 and those belonging to localhost.

This will also read "HTTP_X_FORWARDED_PROTO" and set "rack.url_scheme" to "https" if the "X-Forwarded-Proto" header is set properly and sent from a trusted address chain.


If you use RubyGems:

gem install unxf

You will need a C compiler and Ruby development headers to install the "rpatricia" RubyGem if it is not already installed.


You can get the latest source via git from the following locations:

You may browse the code from the web and download the latest snapshot tarballs here:

Inline patches (from "git format-patch" and "git send-email") to the mailing list at are preferred because they allow code review and comments in the reply to the patch.

We will adhere to mostly the same conventions for patch submissions as git itself. See the Documentation/SubmittingPatches document distributed with git on on patch submission guidelines to follow. Just don't email the git mailing list or maintainer with unxf patches.


All feedback (bug reports, user/development discussion, patches, pull requests) go to the mailing list at No subscription is necessary to post, but HTML email is never allowed. All messages to the mailing list are archived forever at:

mail archives:
source code: git clone
	git clone git://