Rails ActionController: Difference between request.remote_ip and request.remote_addr
I'm the author of the current implementation of remote_ip, and the other things that it does include checking for IP spoofing attacks, and correctly handling multiple X-Forwarded-For headers. There's a big caveat, though: only some Ruby web servers support multiple headers, so the value still might be wrong.
I wrote up the results from testing the most popular Ruby app servers on my blog, which you might want to check out if repeated headers matter for your application.
It seems to be the case that remote_addr returns the value of the REMOTE_ADDR environment variable as-is, while remote_ip will adjust this based on the presence of HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP variables as well, such as you might have when your client is being forwarded through a proxy.
That double check for local_request? is simply a way of ascertaining that the user came from a local machine, and wasn't simply forwarded from somewhere else through a local proxy.