Ruby on rails 常规ActionController::InvalidAuthenticationToken异常-Rails
我有一个Rails 4.2.6应用程序(也运行Desive)正在生产中,安装了gem并正在运行。我收到数百个Ruby on rails 常规ActionController::InvalidAuthenticationToken异常-Rails,ruby-on-rails,devise,csrf,bots,Ruby On Rails,Devise,Csrf,Bots,我有一个Rails 4.2.6应用程序(也运行Desive)正在生产中,安装了gem并正在运行。我收到数百个ActionController::InvalidAuthenticityToken错误(以下示例),通常每分钟2-3个,每次持续数小时。我不太了解Rails的安全性,但我猜这是一个试图进行某种形式的CSRF攻击的机器人 它总是来自同一个IP地址(107.15.69.216),看起来像来自美国北卡罗来纳州罗利市的IP地址 它是机器人吗 还有,我是否需要对此做些什么,或者错误只是证明Desi
ActionController::InvalidAuthenticityToken注册中出现ActionController::InvalidAuthenticationToken#创建:
ActionController::InvalidAuthenticationToken
-------------------------------
请求:
-------------------------------
*网址:https://xxx.xxx.xxx.xxx/
*HTTP方法:POST
*IP地址:107.15.69.216
*参数:{"4.中国的一个ZCLL9(ZCL9)在一个ZC8(ZC7)在一个QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQGGGGGGGGGGGGZZGGGGGGZZZGGGZGGGGGGGGGGGGGGGGZGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGf0ydlmpe5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04“=>无,“控制器”=>“注册”,“操作”=>“创建”}
*时间戳:2017-01-12 14:00:54 UTC
*服务器:sgp1-iml-01
*Rails根目录:/home/app name deploy/apps/app name/releases/20161212034105
*流程:11031
-------------------------------
会议:
-------------------------------
*会话id:[已筛选]
*数据:{}
-------------------------------
环境:
-------------------------------
*内容长度:420
*内容类型:application/x-www-form-urlencoded
*网关接口:CGI/1.2
*HTTP\u缓存\u控件:无缓存
*HTTP_连接:关闭
*HTTP_主机:xxx.xxx.xxx.xxx
*HTTP_用户_代理:Mozilla/5.0(Windows NT 6.1;WOW64;Trident/7.0;rv:11.0)与Gecko类似
*HTTP_版本:HTTP/1.0
*HTTP_X_转发给:107.15.69.216
*HTTP\u X\u转发的\u协议:https
*原始路径:/
*原始脚本名称:
*路径信息:/
*查询字符串:
*远程地址:127.0.0.1
*请求方式:POST
*请求路径:/
*请求URI:/
*路由\u 42047240\u脚本\u名称:
*脚本名称:
*服务器名称:xxx.xxx.xxx.xxx
*服务器端口:443
*服务器协议:HTTP/1.1
*服务器软件:puma 3.6.0 Sleepy Sunday Serenity
*action_controller.instance:#
*操作\u分派。回溯\u清理器:#
*行动(u dispatch.cookies):#
*行动_dispatch.cookies _摘要:
*action_dispatch.cookies_序列化程序:json
*动作\u调度。加密\u cookie\u盐:加密cookie
*动作\u调度。加密\u签名\u cookie\u salt:签名加密cookie
*操作\u dispatch.http\u auth\u salt:http身份验证
*操作\u调度键\u生成器:#
*行动_dispatch.logger:#
*操作\u dispatch.parameter\u筛选器:[:密码]
*操作_dispatch.redirect_筛选器:[]
*行动_dispatch.remote _ip:107.15.69.216
*操作\u dispatch.request.content\u类型:application/x-www-form-urlencoded
*动作_dispatch.request.formats:[#]
*操作_dispatch.request.parameters:{”4.中国的一个ZCLL9(ZCL9)在一个ZC8(ZC7)在一个QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQGGGGGGGGGGGGZZGGGGGGZZZGGGZGGGGGGGGGGGGGGGGZGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGf0ydlmpe5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04“=>无,“控制器”=>“注册”,“操作”=>“创建”}
*action_dispatch.request.path_参数:{:controller=>“registrations”,:action=>“create”}
*操作\u dispatch.request.query\u参数:{}
*操作\u dispatch.request.request\u参数:{”4.中国的一个ZCLL9(ZCL9)在一个ZC8(ZC7)在一个QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQGGGGGGGGGGGGZZGGGGGGZZZGGGZGGGGGGGGGGGGGGGGZGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGf0ydlmpe5/MqYWQNINgpzIxokxY1JyEdg5WphcGExuXjPDN3ChYUrkZG4h PAe7LuaGSQjyTOY/K4/O/iLODlBcM EqxCVZY8J04“=>nil}
*操作\u dispatch.request.unsigned\u会话\u cookie:{}
*行动调度请求id:b8c1d2ef-0272-4e58-928d-8d02e8c5ad28
*行动(调度路线):#
*行动秘密密钥库:72399E7D71631B9BF5C19FE5E63E6E6C7163F37CDF8D1BB853CB77B53B6DE0D20CE168A0E4A6FC87FADEB09B122A30D09FF9103F2F05A6BD5660C4C00F57392
*action_dispatch.secret_令牌:
*行动\调度。显示\详细信息_
iptables -I INPUT -s 107.15.69.216 -j DROP