Menu
The problem
I'm getting the error:
ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.
What I've tried
http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard
So within production.rb I've added:
config.action_controller.ip_spoofing_check = false
I've also tried adding it to environment.rb:
Things3::Application.configure do
config.action_mailer.delivery_method = :smtp
config.action_controller.ip_spoofing_check = false
end
I still get the error. What am I missing?
836
Note that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:
config.action_dispatch.ip_spoofing_check = false
123
This blog post might help: it explains why this error occur and how to disable ip spoofing while retaining the security check https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown
8
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
