aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/request.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_controller/request.rb')
-rwxr-xr-xactionpack/lib/action_controller/request.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index baa955cb04..087fffe87d 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -218,7 +218,7 @@ module ActionController
remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
if @env.include? 'HTTP_CLIENT_IP'
- if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
# We don't know which came from the proxy, and which from the user
raise ActionControllerError.new(<<EOM)
IP spoofing attack?!
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 22:33:35 +0000