Reputation: 6278
Turning off ip spoofing check in Rails 3 application
The problem
I'm getting the error:
ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.
What I've tried
So within production.rb I've added:
config.action_controller.ip_spoofing_check = false
I've also tried adding it to environment.rb:
Things3::Application.configure do
config.action_mailer.delivery_method = :smtp
config.action_controller.ip_spoofing_check = false
end
I still get the error. What am I missing?
Upvotes: 16
Views: 7389
Answers (3)
Reputation: 10796
This blog post might help: it explains why this error occur and how to disable ip spoofing while retaining the security check https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown
Upvotes: 9
Reputation: 1683
Note that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:
config.action_dispatch.ip_spoofing_check = false
Upvotes: 31
Reputation: 6278
This started working for me right after I posted this. I made a mistake testing it when I'd added it to environment.rb.
Upvotes: -1
Related Questions
- How to disable IP Spoofing check in Rails 4 application?
- Disable IP address logging with devise
- Rails Devise restrict IP address access for admin users
- Rails Devise and user IP Address
- Disable IP address logging Rails
- Why is validating an IP giving me invalid with Rails?
- Rails 2.3.8 Gem to whitelist ip addresses
- Rails 3 - Devise IP based authentication
- Rails accessing and manipulate user_ip_address
- How can I restrict access to ALL devise controllers by IP address'?