A strange error in the Rails remote_ip middleware

Time: 2013-04-25 03:05:29

Tags: ruby-on-rails

This is an error I found in my Rails production environment:

IP spoofing attack?!HTTP_CLIENT_IP="10.127.166.241"HTTP_X_FORWARDED_FOR="10.127.166.241, 61.164.36.180"
actionpack (3.2.11) lib/action_dispatch/middleware/remote_ip.rb:55:in `calculate_ip'

So I dug into the remote_ip.rb source code, read through calculate_ip, tested it locally, and found that this should not happen. Here is the test code:

forwarded_ips = "10.127.166.241, 61.164.36.180".strip.split(/[,\s]+/).reverse
client_ips = "10.127.166.241".strip.split(/[,\s]+/).reverse
!forwarded_ips.include?(client_ips.last) # return false?

As I understand it after reading the source code, calculate_ip would return 61.164.36.180 rather than raise this error. Does anyone know why? Thanks~

0 answers:

No answers