我發現了以下錯誤在我的Rails應用4:如何在Rails 4應用程序中禁用IP欺騙檢查?
ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?! HTTP_CLIENT_IP="xx.xx.xx.xx" HTTP_X_FORWARDED_FOR="xx.xx.xx.xx"
我們不需要這種類型的安全檢查,因此一些周圍的Googling後,我發現這一點:
https://github.com/rails/rails/issues/10780
When an intermediate proxy inserts the user IP address both in the HTTP_CLIENT_IP and the HTTP_X_FORWARDED_FOR, and this address is private, ActionDispatch::RemoteIp raises an IpSpoofAttackError exception.
When an enterprise proxy includes the user's IP address in a header, this will commonly be private. Removing private IP addresses from the chain contained in HTTP_X_FORWARDED_FOR should probably be done only when the address is not an exact match of the one found in HTTP_CLIENT_IP. If it is a match, that should be the user's IP address.
This happens for example with the following environment:
HTTP_CLIENT_IP: 172.17.19.51 HTTP_X_BLUECOAT_VIA: ffffffffffffffff HTTP_X_FORWARDED_FOR: 172.17.19.51 REMOTE_ADDR: xxx.xxx.xxx.xxx (this would be a public IP address)
一個修復這裏介紹:
As a work-around, I've disabled this check in config/application.rb:
config.action_dispatch.ip_spoofing_check = false
然而,這似乎並沒有在Rails 4中工作。什麼是新的電話,我如何設置它的網站範圍?