问题
我收到错误:
ActionDispatch::RemoteIp::IpSpoofAttackError(IP 欺骗攻击?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
当某些人访问我的 Rails 3.0.10 应用程序并登录或确认他们的电子邮件地址时。我正在使用设计。
我尝试过的
http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard
所以在内Production.rb 我添加了:
config.action_controller.ip_spoofing_check = false
我也尝试将其添加到environment.rb:
Things3::Application.configure do
config.action_mailer.delivery_method = :smtp
config.action_controller.ip_spoofing_check = false
end
我仍然收到错误。我缺少什么?
The problem
I'm getting the error:
ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.
What I've tried
http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard
So within production.rb I've added:
config.action_controller.ip_spoofing_check = false
I've also tried adding it to environment.rb:
Things3::Application.configure do
config.action_mailer.delivery_method = :smtp
config.action_controller.ip_spoofing_check = false
end
I still get the error. What am I missing?
发布评论
评论(3)
请注意,方法“config.action_controller.ip_spoofing_check=”从 3.0 开始有弃用警告,现在在 3.2 上不起作用。请改用以下方法调用:
config.action_dispatch.ip_spoofing_check = falseNote that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:
config.action_dispatch.ip_spoofing_check = false这篇博文可能会有所帮助:它解释了为什么会发生此错误以及如何在保留安全检查的同时禁用 ip 欺骗 https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown
This blog post might help: it explains why this error occur and how to disable ip spoofing while retaining the security check https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown
在我发布此内容后,这立即开始为我工作。当我将它添加到
environment.rb时,我在测试它时犯了一个错误。This started working for me right after I posted this. I made a mistake testing it when I'd added it to
environment.rb.