Failsafe error in rails 2.1 RC1 - ip spoofing

Hi All,
I am getting the following errors in my app using RC 1 of Rails 2.1.
These
errors only appear to be happening for search engine bots/crawlers, but
since my site needs to be indexed, I would like to get rid of them. Does
anyone know if there is a fix, or perhaps a config option not to check
for
ip spoofing?

/!\ FAILSAFE /!\ Sat May 31 11:12:54 -0400 2008
Status: 500 Internal Server Error
IP spoofing attack?!
HTTP_CLIENT_IP=“67.195.44.101”
HTTP_X_FORWARDED_FOR=“67.195.44.101, 67.195.37.172”

Thanks,
Sean

did you try this patch?

http://rails.lighthouseapp.com/attachments/25763/forwarded_client_ip_with_test.patch

Thanks for the link to the patch, but why would one have to patch rails
in
order to avoid these failsafe errors. They are being caused exclusively
buy
yahoo’s crawlers/bots, but isn’t everyone else’s site being crawled by
them
as well? Is everyone else’s site getting these errors as well?
Thanks,
Sean

On Wed, Jun 4, 2008 at 4:00 PM, Evgeniy Kelyarsky <

i’m seeing this a lot with the release version of rails 2.1

Please, can you specify how to aply the patch, I do:

MacBook:rails$ patch -p0 < forwarded_client_ip_with_test.patch
can’t find file to patch at input line 15
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:

|From 75c2fbc4faa8ea15f136fb414627afa19e47d09e Mon Sep 17 00:00:00 2001
|From: Bradford F. [email protected]
|Date: Tue, 3 Jun 2008 17:11:48 -0500
|Subject: [PATCH] If Client-IP and X-Forwarded-For are the same, we don’t need to return a 500.

actionpack/lib/action_controller/request.rb
actionpack/test/controller/request_test.rb
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index a35b904…f275ec1 100755
— a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb

File to patch:

Can you help me?

Is anyone else seeing these errors? I’ve just hit upon it while
setting up a cluster. Rails 2.1.

Sean H. wrote:

Is anyone else seeing these errors? I’ve just hit upon it while
setting up a cluster. Rails 2.1.

Try this :
http://iprog.com/posting/2008/08/rails_500_error_ip_spoofing_attack

SYL

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs