Client-IP Rails issue

Eric Sessions lists at ruby-forum.com
Fri Oct 17 21:01:11 MSD 2008


I host a rails app using nginx.  Until I recently upgraded rails to
2.1.1, everything worked great.  This update to rails included a feature
designed to stop IP spoofing attacks.  The way it does it is if the
client-ip header and the forwarded-for header are both present it throws
a 500 error.  Yahoo's slurp bot uses that as well as DirecPC satellite
internet.  I found a solution for Apache web servers but I can't figure
out how to accomplish the same thing with nginx.  I pasted the Apache
solution below.  Any help is appreciated.

"I deploy Rails in a common Apache w/mod_proxy_balancer and Mongrel
setup. Apache uses X-Forwarded-For natively, so that’s the one I want to
trust. To make Rails happy, I’ve just told Apache to delete the
Client-IP header if present.
Adding RequestHeader unset Client-IP to the virtual host configuration
seems to do the trick."

Thanks again,
Eric.
-- 
Posted via http://www.ruby-forum.com/.
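
The nginx counterpart of the quoted Apache "RequestHeader unset Client-IP" line, as an added example that is not part of the original post. The upstream name, backend address and server_name are placeholders, and it assumes nginx is the proxy directly in front of the Rails backend.

```nginx
# Added example; "rails_app", the backend address and server_name
# are hypothetical placeholders.
upstream rails_app {
    server 127.0.0.1:8000;
}

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_set_header Host $host;

        # nginx appends the address of the connecting peer to any
        # X-Forwarded-For value the client supplied, so the last
        # entry is always one nginx observed itself.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # A header set to an empty string is not passed to the
        # proxied server. This drops a client-supplied Client-IP
        # before Rails sees it, leaving X-Forwarded-For as the only
        # source for the remote address.
        proxy_set_header Client-IP "";

        proxy_pass http://rails_app;
    }
}
```

proxy_set_header directives are inherited from the enclosing level only when the current level defines none, so a location that sets its own headers has to repeat the Client-IP line. Running nginx -t checks the syntax before a reload.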




