Turning off ip spoofing check in Rails 3 application - ruby-on-rails-3

The problem
I'm getting the error:
ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.
What I've tried
http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard
So within production.rb I've added:
config.action_controller.ip_spoofing_check = false
I've also tried adding it to environment.rb:
Things3::Application.configure do
  config.action_mailer.delivery_method = :smtp
  config.action_controller.ip_spoofing_check = false
end
I still get the error. What am I missing?

Note that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:
config.action_dispatch.ip_spoofing_check = false

This blog post might help: it explains why this error occurs and how to disable ip spoofing while retaining the security check: https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown

This started working for me right after I posted this. I made a mistake testing it when I'd added it to environment.rb.
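
A simplified Ruby model of the header consistency check behind this error, added here as an illustration: it is not Rails source code, and the names `client_ip`, `spoof_flagged?`, `rightmost_untrusted`, `TRUSTED` and `SpoofSuspected` are hypothetical. It runs on the header values quoted in the error message above and shows which address the application ends up trusting once the check is off; `rightmost_untrusted` assumes the app sits behind at least one proxy you operate that appends to X-Forwarded-For.

```ruby
require 'ipaddr'

# Simplified model of the consistency check (not the Rails source).
class SpoofSuspected < StandardError; end

# Assumption: our own proxies live in private or loopback ranges.
CIDRS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8]
TRUSTED = CIDRS.map { |cidr| IPAddr.new(cidr) }

# Constructed sample: the header values quoted in the error message above.
SAMPLE_ENV = {
  'HTTP_CLIENT_IP'       => '203.29.78.157',
  'HTTP_X_FORWARDED_FOR' => '172.20.19.214, 116.50.58.180'
}.freeze

def forwarded_chain(env)
  env.fetch('HTTP_X_FORWARDED_FOR', '').split(',').map(&:strip).reject(&:empty?)
end

# Check on: a Client-IP missing from X-Forwarded-For is a conflict and raises.
# Check off: Client-IP is returned unverified (nil when the header is absent).
def client_ip(env, check_spoofing: true)
  claimed = env['HTTP_CLIENT_IP']
  chain = forwarded_chain(env)
  if check_spoofing && claimed && !chain.empty? && !chain.include?(claimed)
    raise SpoofSuspected, "Client-IP=#{claimed.inspect} X-Forwarded-For=#{chain.inspect}"
  end
  claimed
end

def spoof_flagged?(env)
  client_ip(env)
  false
rescue SpoofSuspected
  true
end

def parse_ip(text)
  IPAddr.new(text)
rescue ArgumentError # IPAddr's own errors subclass ArgumentError
  nil
end

# Rightmost X-Forwarded-For hop that is not one of our proxies. Stops at the
# first unparsable entry, since nothing to its left can be relied on either.
def rightmost_untrusted(env)
  forwarded_chain(env).reverse_each do |hop|
    addr = parse_ip(hop)
    return nil if addr.nil?
    return hop unless TRUSTED.any? { |net| net.include?(addr) }
  end
  nil
end
```

With the check disabled the model returns the Client-IP header as the client sent it, so anything that logs or rate-limits by address should use a proxy-appended value instead.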

Related

Issue with creating log in production mode using Rails Logger

I hosted my Rails 3.2.13 application in (Ubuntu 14.04 + Passenger + apache2) combination server.
Everything is working perfectly in the development environment, but in the production environment I got an error like the one below:
In browser
We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly.
Then I decided to get a log report in log/production.log and made some changes like below.
In /config/environments/production.rb file:
config.consider_all_requests_local = true
config.log_level = :debug
Rails.logger = Logger.new(STDOUT)
Rails.logger = Log4r::Logger.new("Application Log")
Even then, the log report is not created in the /log/production.log file.
Do I need to do anything else? Could someone kindly assist me in resolving this issue?
Passenger author here. In addition to the Rails log file, you should also look in the web server error log. Learn more about this in the Passenger documentation's troubleshooting section.

rails/heroku route error /stylesheets/all.css

I'm new to rails and very new to Heroku, but I've recently hosted my app up on Heroku and am getting the following error in my log:
Started GET "/stylesheets/all.css" for ...
ActionController::RoutingError (No route matches "/stylesheets/all.css"):
I stumbled across this forum (http://railsforum.com/viewtopic.php?id=38540) where someone was able to fix a similar problem by setting config.serve_static_assets = true in their config/environments/production.rb, but this did not work for me. Does anyone have any thoughts on this? To clarify, I only get this error in production, not in dev. Thanks.
Also, rather interesting is that I am actually able to access /stylesheets/styles.css with no problem...
Why not just add a blank all.css file?

Rails console log - how to customize what is printed in the console

When I run rails s it loads up and everything works. When I browse to a page several lines of information are printed. Mostly this is the webpage getting the assets for the page. I really don't need to see this and have it clutter my screen. Is there a way to customize what gets printed in console?
Thanks
For assets pipeline messages it seems that you can't (yet). See How to disable logging of asset pipeline (sprockets) messages in Rails 3.1? and the rails issue on Github
You can do it in part by using these lines (credits) in your development.rb file
config.after_initialize do |app|
  app.assets.logger = Logger.new('/dev/null')
end
For Rails 3.1, inside config/environments/development.rb, set the following to false:
config.assets.debug = false
Your logs will show you everything you want to see minus the assets.
You can configure the logging detail of the rails dev server by setting config.log_level in environments/development.rb. Setting it to :warn will get rid of most of the logging (you can always send your own messages with whatever log level you want so they still get printed).
http://guides.rubyonrails.org/debugging_rails_applications.html#log-levels

URI::InvalidURIError (bad URI(is not URI?): ):

I am trying to implement an OAuth provider in Rails 3. When I try to authorize a client app I get this error. I am using the RESTful auth plugin and pelles OAuth-plugin. When I was testing via the Rails console and getting this error I thought that I simply needed to encode the URLs but I get the same error when testing in browser so I am not sure what is wrong.
I got into trouble with URI.split (returning this error). I don't know if this helps you, but I will post some warnings here for anyone else having this error:
Check your url is not nil, and it's a valid one.
Do URI.encode(url) before URI.parse (to avoid special characters)
Do strip to the string you pass to URI.parse (to avoid leading and trailing whitespaces).
All in one:
uri = URI.parse(URI.encode(url.strip))
Related resource: http://www.practicalguile.com/2007/09/15/raising-uriinvalidurierror-from-a-perfectly-valid-uri/
You can also use this alternative URI gem: https://github.com/sporkmonger/addressable
There are no such problems with it.
Very native, just add the namespace in your code after installing the gem
Addressable::URI
Try this:
safeurl = URI.encode(url.strip)
response = RestClient.get(safeurl)
I'm here because I faced an issue with fastlane. It's written in Ruby, thus my answer can be helpful.
In my case, I had the environment variables http_proxy = XX.XX.XX.XX:XXXX and https_proxy = ...
When I changed them to http_proxy = http://XX.XX.XX.XX:XXXX and https_proxy = https://... respectively, the issue was gone.

Debugging admin_data in Heroku

I'm new to rails and ruby and was able to stitch together my first app and launch it on heroku. All is well, and now I'm trying to solve the problem of how to manage my data. I found the plugin called "admin_data" and it seemed to be the right choice.
Admin_data works great locally but when I deploy it to heroku I just get the message "We're sorry, but something went wrong. (500)". If I restrict access I get the correct response of "not authorized".
I have no idea what's going wrong, and more importantly, don't know how to look into the cause of the error. Any tips on getting a verbose message from heroku or tuning admin_data are much appreciated.
Thanks!
'admin_data' by default only works in a 'development' environment.
You can either set your Heroku app to 'development' environment (http://docs.heroku.com/config-vars) or add your environment to an 'admin_data' config file (config instructions for a Rails 3 app are here: https://github.com/neerajdotname/admin_data/wiki/admin_data-security-configuration-for-a-Rails3-application):
AdminData.config do |config|
  config.is_allowed_to_view = lambda {|controller| return true if (Rails.env.development? || Rails.env.test?) }
  config.is_allowed_to_update = lambda {|controller| return true if (Rails.env.development? || Rails.env.test?) }
end