IP spoofing attack errors after setting up a nodebalancer
I recently set up a NodeBalancer in front of a Rails 3.2.12 app.
The app is served by nginx and Unicorn.
All seems to work fine, but I get a lot of errors such as theses that I didn't get when I only had 1 server.
IP spoofing attack?!HTTP_CLIENT_IP="10.16.81.184"HTTP_X_FORWARDED_FOR="136.160.88.153, 192.168.255.5"
actionpack (3.2.12) lib/action_dispatch/middleware/remote_ip.rb:55:in `calculate_ip'
Here is my nginx configuration for the app.
upstream unicorn {
server unix:/tmp/unicorn.ahotu-calendars.sock fail_timeout=0;
}
server {
listen 80 default deferred;
root /home/deployer/apps/appdirectory/current/public;
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Did I do something wrong?
Thank you
2 Replies
The nodebalancer adds an X-Forwarded-For header, that they haven't document despite me bugging them about it numberious times.
In my nginx setup I've got the following in a server that replaces the source IP for only the nodebalancer. I don't know if it removes the proxy header:
realipheader X-Forwarded-For;
setrealip_from 192.168.255.0/24;
If you still have problems try to overwride the X-Forwarded-For rather than adding an address.