I'm getting the following error in my Rails 4 application:
ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?! HTTP_CLIENT_IP="xx.xx.xx.xx" HTTP_X_FORWARDED_FOR="xx.xx.xx.xx"
When an intermediate proxy inserts the user IP address both in the HTTP_CLIENT_IP and the HTTP_X_FORWARDED_FOR, and this address is private, ActionDispatch::RemoteIp raises an IpSpoofAttackError exception.
When an enterprise proxy includes the user's IP address in a header, this will commonly be private. Removing private IP addresses from the chain contained in HTTP_X_FORWARDED_FOR should probably be done only when the address is not an exact match of the one found in HTTP_CLIENT_IP. If it is a match, that should be the user's IP address.
This happens for example with the following environment:
HTTP_CLIENT_IP: 172.17.19.51
HTTP_X_BLUECOAT_VIA: ffffffffffffffff
HTTP_X_FORWARDED_FOR: 172.17.19.51
REMOTE_ADDR: xxx.xxx.xxx.xxx (this would be a public IP address)
As a work-around, I've disabled this check in config/application.rb:
config.action_dispatch.ip_spoofing_check = false
Best answer
It's better to fix the actual problem than to turn off the warning. Here is my rephrasing of what Rails is telling you:
This request seems to have come through two different reverse proxies. One of them set the CLIENT_IP header to the user's IP address; the other set the X_FORWARDED_FOR header. One of those values is probably correct, the other probably contains the IP of a reverse proxy, and I have no way to tell which is which. I can't reliably determine this user's IP address, so I'm going to reject the request.
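The situation from the question, as an added example that is not part of the original post and is not Rails's own code: a simplified Ruby model of the check as the quoted report describes it, next to the match-aware variant that report proposes. The class and method names, the private-range list and the 203.0.113.10, 198.51.100.7 and 192.0.2.44 addresses are assumptions constructed for illustration.

```ruby
require "ipaddr"

# Simplified model of the check described in the question; NOT Rails source.
class SpoofError < StandardError; end

# Assumed private/loopback ranges for this illustration.
PRIVATE_RANGES = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8]
                 .map { |cidr| IPAddr.new(cidr) }

def private_ip?(ip)
  addr = IPAddr.new(ip)
  PRIVATE_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Returns the client IP, or raises SpoofError when both headers are present
# and Client-IP is missing from the filtered X-Forwarded-For chain.
# keep_matching_private: true models the proposal in the quoted report:
# a private address stays in the chain when it exactly equals Client-IP.
def checked_client_ip(env, keep_matching_private: false)
  client_ip = env["HTTP_CLIENT_IP"]
  forwarded = env["HTTP_X_FORWARDED_FOR"]
  chain = forwarded.to_s.strip.split(/[,\s]+/).reject do |ip|
    private_ip?(ip) && !(keep_matching_private && ip == client_ip)
  end
  if client_ip && forwarded && !chain.include?(client_ip)
    raise SpoofError, "Client-IP #{client_ip} not in X-Forwarded-For #{chain.inspect}"
  end
  client_ip || chain.last || env["REMOTE_ADDR"]
end

def rejected?(env, **opts)
  checked_client_ip(env, **opts)
  false
rescue SpoofError
  true
end

# Constructed sample requests; REMOTE_ADDR is a documentation address.
QUESTION_ENV = { "HTTP_CLIENT_IP" => "172.17.19.51",
                 "HTTP_X_FORWARDED_FOR" => "172.17.19.51",
                 "REMOTE_ADDR" => "203.0.113.10" }.freeze
MISMATCH_ENV = { "HTTP_CLIENT_IP" => "198.51.100.7",
                 "HTTP_X_FORWARDED_FOR" => "192.0.2.44",
                 "REMOTE_ADDR" => "203.0.113.10" }.freeze

puts rejected?(QUESTION_ENV)                               # filtered chain is empty
puts rejected?(QUESTION_ENV, keep_matching_private: true)  # matching private IP kept
puts rejected?(MISMATCH_ENV, keep_matching_private: true)  # headers really disagree
```

In either variant both headers are request-supplied, so the result is only as trustworthy as the proxy that sets or strips them.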
About "ruby-on-rails - How do I disable the IP spoofing check in a Rails 4 application?": we found a similar question on Stack Overflow: https://stackoverflow.com/questions/27934352/