ActionDispatch::RemoteIp::IpSpoofAttackError exception

Jason_FB · January 6, 2015, 12:44pm

I am running Rails 3.2.21 on Heroku and yesterday I started seeing a low occurrence exceptions with this signature:

ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?!HTTP_CLIENT_IP="10.166.210.93"HTTP_X_FORWARDED_FOR="10.166.210.93, 74.121.112.50"

here is the full stacktrace:

gist.github.com

https://gist.github.com/jasonfb/652fff633de527fe08fb

gistfile1.txt

Application

[PROJECT_ROOT]/app/controllers/orders_controller_decorator.rb:91 :in `populate`
Full

[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/gems/actionpack-3.2.21/lib/action_dispatch/middleware/remote_ip.rb:55 :in `calculate_ip`
[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/gems/actionpack-3.2.21/lib/action_dispatch/middleware/remote_ip.rb:69 :in `to_s`
[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/gems/actionpack-3.2.21/lib/action_dispatch/http/request.rb:165 :in `remote_ip`
[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/bundler/gems/spree-04fdf4de0ff1/core/lib/spree/core/controller_helpers/order.rb:77 :in `ip_address`
[PROJECT_ROOT]/vendor/bundle/ruby/2.0.0/bundler/gems/spree-04fdf4de0ff1/core/lib/spree/core/controller_helpers/order.rb:36 :in `current_order`

This file has been truncated. show original

Heroku says this is a "false positive" and suggested I turn this off in m app config:

config.action_dispatch.ip_spoofing_check = false

However, they are unable to explain why we've been running for 2 months on their platform until yesterday without this popping up, and yesterday was the first occurrence of it.

any ideas?

-Jason