I host a rails app using nginx. Until I recently upgrade rails to 2.1.1, everything worked great. This update to rails included a feature designed to stop IP spoofing attacks. The way it does it is if the client-ip header and the forwarded-for header are both present it throws a 500 error. Yahoo's slurp bot uses that as well as DirecPC satellite internet. I found a solution for Apache web servers but I can't figure out how to accomplish the same thing with nginx. I pasted the Apache solution below. Any help is appreciated. "I deploy Rails in a common Apache w/mod_proxy_balancer and Mongrel setup. Apache uses X-Forwarded-For natively, so thatâ€™s the one I want to trust. To make Rails happy, Iâ€™ve just told Apache to delete the Client-IP header if present. Adding RequestHeader unset Client-IP to the virtual host configuration seems to do the trick." Thanks again, Eric.
on 2008-10-17 19:01
on 2009-07-13 18:03
Hope this helps someone - https://rails.lighthouseapp.com/projects/8994/tickets/322 Shai.