Rails and IP spoofing

Posted on 2024-10-01 06:53:15

I have a small application on Rails 2.3.2, served with nginx+thin(127).
OS FreeBSD 7.1, DB - PostgreSQL.

Twice this week my app has fallen.
In the log I get something like this (~2-50 requests per second):

/!\ FAILSAFE /!\  Mon Oct 04 20:13:55 +0300 2010
 Status: 500 Internal Server Error
  bad content body
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/utils.rb:311:in `parse_multipart'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/request.rb:125:in `POST'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:428:in `request_parameters'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:381:in `parameters'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1279:in `assign_shortcuts'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:518:in `process_without_filters'

Or:

/!\ FAILSAFE /!\ Tue Nov 09 09:24:39 +0200 2010
Status: 500 Internal Server Error
IP spoofing attack?!
HTTP_CLIENT_IP="XX.XX.XX.XX"
HTTP_X_FORWARDED_FOR="192.168.XX.XX, YY.YY.YY.YY"

/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:229:in `remote_ip'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1372:in `request_origin'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1304:in `log_processing_for_request_id'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1296:in `log_processing'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:522:in `process_without_filters'

After that the system runs into the max open file limit (I guess they are opened by PostgreSQL sessions), PostgreSQL can't establish new connections and the app falls.

Any suggestions on how I can protect my app in this situation?

Comments (1)

伪心 2024-10-08 06:53:15

Quoted from the Rails 2.3 release notes:

The fact that Rails checks for IP spoofing can be a nuisance for sites that do heavy traffic with cell phones, because their proxies don’t generally set things up right. If that’s you, you can now set ActionController::Base.ip_spoofing_check = false to disable the check entirely.
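
The check behind the "IP spoofing attack?!" failure in the question's log can be modelled as follows. This is an added example, not Rails source and not code from the original post: the function names, the exception class and the sample addresses are constructed, and trusted-proxy handling is left out.

```ruby
# Simplified model of the Client-IP vs X-Forwarded-For consistency check.
# Not Rails source: all names here are hypothetical, trusted-proxy handling omitted.
class SpoofingSuspected < StandardError; end

# Split a comma-separated X-Forwarded-For value into trimmed, non-empty entries.
def forwarded_chain(value)
  value.to_s.split(',').map(&:strip).reject(&:empty?)
end

# Return the address the app would treat as the client, or raise when both
# headers are present, disagree, and the check is enabled.
def client_address(env, spoofing_check: true)
  client_ip = env['HTTP_CLIENT_IP']&.strip
  chain = forwarded_chain(env['HTTP_X_FORWARDED_FOR'])
  if client_ip
    if spoofing_check && !chain.empty? && !chain.include?(client_ip)
      raise SpoofingSuspected,
            "HTTP_CLIENT_IP=#{client_ip.inspect} " \
            "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"
    end
    return client_ip # client-supplied header, returned unverified when the check is off
  end
  chain.last || env['REMOTE_ADDR'] # fallback used by this model
end

# Constructed requests; addresses come from documentation ranges.
PROXIED = { 'HTTP_X_FORWARDED_FOR' => '192.168.1.20, 198.51.100.9',
            'REMOTE_ADDR' => '127.0.0.1' }.freeze
SAMPLES = {
  mismatch: PROXIED.merge('HTTP_CLIENT_IP' => '203.0.113.7'),
  consistent: PROXIED.merge('HTTP_CLIENT_IP' => '198.51.100.9'),
  no_client_ip: PROXIED
}.freeze

# Run one sample through the check; :rejected stands for the 500 in the log.
def evaluate(name, spoofing_check: true)
  client_address(SAMPLES.fetch(name), spoofing_check: spoofing_check)
rescue SpoofingSuspected
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each_key do |name|
    puts "#{name}: check on => #{evaluate(name).inspect}, " \
         "check off => #{evaluate(name, spoofing_check: false).inspect}"
  end
end
```

With the check off, the mismatching request is accepted and the reported address is whatever the Client-IP header carried, so that value should not feed access decisions or rate limits.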
