How to disable IP Spoofing check in Rails 4 application?

Question

I\'m getting the following error on my Rails 4 application:

ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?! HTTP_CLIENT_IP="xx.xx.xx.

Answer 1

config.action_dispatch.ip_spoofing_check = false is still the correct setting.

However, web-console (included in Rails development environment by default since Rails 4.2) doesn't respect this setting and raises IpSpoofAttackError whenever it's included in the application stack, even when spoofing_check is false. A workaround for this issue is to remove web-console from your environment's application stack.

See rails/rails#32379 and rails/web-console#254 for more details on this issue and a proposed fix.