ruby-on-rails-3 configuration devise environment-variables

Turning off ip spoofing check in Rails 3 application

The problem

I'm getting the error:

ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):

when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.

What I've tried

http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard

So within production.rb I've added:

config.action_controller.ip_spoofing_check = false

I've also tried adding it to environment.rb:

Things3::Application.configure do
  config.action_mailer.delivery_method = :smtp
  config.action_controller.ip_spoofing_check = false
end

I still get the error. What am I missing?

Solution

Note that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:

config.action_dispatch.ip_spoofing_check = false