Standup 4/7/2010: Disabling Rails' IP Spoofing Safeguard

Ask for Help

“How can Rails’ IP spoof attack safeguards be disabled when its guesses give false positives that block out important users?”

When Rails has this safeguard in place, it may block out users behind poorly configured firewalls and some mobile devices.

The safeguard causes Rails to return a 500 and log the following message:

ActionController::ActionControllerError: IP spoofing attack?! HTTP_CLIENT_IP="16.89.XX.XXX" HTTP_X_FORWARDED_FOR="15.243.YY.YYY"

Rails 2.3 and later lets you disable this check by overriding a setting inside the initializer block in your environment.rb:

  Rails::Initializer.run do |config|
    config.action_controller.ip_spoofing_check = false
  end

As always, be sure you understand the implications of disabling this security feature!
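
A simplified Ruby model of the header comparison behind this safeguard, added here as an illustration and not taken from Rails or from the original post; it shows how the same request resolves with the check on and off. The function names, the error class and the sample addresses are constructed for the example, and trusted-proxy handling is left out.

```ruby
# Simplified model of the header comparison behind the safeguard.
# Added illustration; not Rails' own code. Trusted-proxy handling is omitted.
class SpoofCheckError < StandardError; end

# Split X-Forwarded-For into a clean list of addresses.
def forwarded_list(env)
  env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
end

# env: Rack-style header hash. Returns the address the app would treat as
# the client IP, or raises when the check is on and the headers conflict.
def resolve_client_ip(env, ip_spoofing_check = true)
  client_ip = env['HTTP_CLIENT_IP']
  forwarded = forwarded_list(env)
  if client_ip
    # Client-IP is absent from the X-Forwarded-For chain: one header was set
    # by a proxy and the other by the client, with no way to tell which.
    if ip_spoofing_check && !forwarded.empty? && !forwarded.include?(client_ip)
      raise SpoofCheckError, 'IP spoofing attack?! ' \
        "HTTP_CLIENT_IP=#{client_ip.inspect} " \
        "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"
    end
    return client_ip
  end
  forwarded.last || env['REMOTE_ADDR']
end

# Run one request through both settings; :blocked stands for the 500.
def outcome(env)
  [true, false].map do |check|
    begin
      resolve_client_ip(env, check)
    rescue SpoofCheckError
      :blocked
    end
  end
end

# Constructed sample requests (documentation address ranges).
CONSISTENT  = { 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_CLIENT_IP' => '203.0.113.7',
                'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5' }
CONFLICTING = { 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_CLIENT_IP' => '198.51.100.9',
                'HTTP_X_FORWARDED_FOR' => '203.0.113.7' }
NO_CLIENT   = { 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7' }

{ consistent: CONSISTENT, conflicting: CONFLICTING, no_client_ip: NO_CLIENT }.each do |name, env|
  on, off = outcome(env)
  puts "#{name}: check on => #{on.inspect}, check off => #{off.inspect}"
end
```

With the check off, the conflicting request resolves to the Client-IP value, so anything keyed on the client address (logs, rate limits, allow-lists) then rests on an unverified request header.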
