Client-IP Rails issue

I host a rails app using nginx. Until I recently upgrade rails to
2.1.1, everything worked great. This update to rails included a feature
designed to stop IP spoofing attacks. The way it does it is if the
client-ip header and the forwarded-for header are both present it throws
a 500 error. Yahoo’s slurp bot uses that as well as DirecPC satellite
internet. I found a solution for Apache web servers but I can’t figure
out how to accomplish the same thing with nginx. I pasted the Apache
solution below. Any help is appreciated.

“I deploy Rails in a common Apache w/mod_proxy_balancer and Mongrel
setup. Apache uses X-Forwarded-For natively, so that’s the one I want to
trust. To make Rails happy, I’ve just told Apache to delete the
Client-IP header if present.
Adding RequestHeader unset Client-IP to the virtual host configuration
seems to do the trick.”

Thanks again,
Eric.

Hope this helps someone -

https://rails.lighthouseapp.com/projects/8994/tickets/322

Shai.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs