← Back to Upcase

Handling IpSpoofAttackError


(David Lee) #1

For a very small amount of traffic, users occasionally encounter a ActionDispatch::RemoteIp::IpSpoofAttackError.

Based on the error reporting, this is what the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR were set at the time of the error:

IP spoofing attack?!HTTP_CLIENT_IP="209.140.77.2"HTTP_X_FORWARDED_FOR="209.140.77.53, 192.168.16.4, 209.140.77.53"

I’ve read over this popular article (http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/), which offers a number of solutions but was interested in getting feedback from the Prime community.

I’ve reviewed all the IpSpoofAttackErrors and the requests all appear to be from legitimate traffic. I’ve noticed that the HTTP_CLIENT_IP tends to be very similar to one included in the HTTP_X_FORWARDED_FOR array but is slightly different (thus causing the error to be raised). For example, in the above example, the HTTP_CLIENT_IP is “209.140.77.2” and the IP in the HTTP_X_FORWARDED_FOR is “209.140.77.53.”

I’m interested in the best ways to solve this as well as being curious as to why the IPs are close but different. Thanks!