Rails和ip-spoofing

时间:2010-11-09 09:04:13

标签: ruby-on-rails rake thin ddos

我在Rails 2.3.2上有一个小应用程序,配有nginx + thin(127)。 OS FreeBSD 7.1,DB - Posgresql。

本周Twise我的应用已经下降了。 在日志中我得到类似的东西(每秒约2-50个请求):

/!\ FAILSAFE /!\  Mon Oct 04 20:13:55 +0300 2010
 Status: 500 Internal Server Error
  bad content body
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/utils.rb:311:in `parse_multipart'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/request.rb:125:in `POST'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:428:in `request_parameters'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:381:in `parameters'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1279:in `assign_shortcuts'
   /usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:518:in `process_without_filters'

或者:

/!\ FAILSAFE /!\ Tue Nov 09 09:24:39 +0200 2010     状态:500内部服务器错误     IP欺骗攻击?!     HTTP_CLIENT_IP = “XX.XX.XX.XX”     HTTP_X_FORWARDED_FOR =“192.168.XX.XX,YY.YY.YY.YY”

/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/request.rb:229:in `remote_ip'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1372:in `request_origin'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1304:in `log_processing_for_request_id'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:1296:in `log_processing'
/usr/home/../../history/vendor/rails/actionpack/lib/action_controller/base.rb:522:in `process_without_filters'

在该系统进入最大打开文件限制之后(我猜它通过postgesql会话打开),postgresql无法建立新连接和应用程序崩溃。

在这种情况下我有什么建议,如何保护我的 ss pp?

1 个答案:

答案 0 :(得分:6)

引自rails 2.3发行说明:

Rails检查IP欺骗的事实对于使用手机进行大量流量的网站来说可能是一件麻烦事,因为他们的代理通常不会正确设置。如果是你,你现在可以设置ActionController :: Base.ip_spoofing_check = false来完全禁用检查。