This project is archived and is in readonly mode.

#4757 ✓stale
Lawrence Pit

Raising IpSpoofAttackError should result in a 403 Forbidden instead of 500 Internal Server Error

Reported by Lawrence Pit | June 3rd, 2010 @ 05:24 AM

When IP spoofing has been detected sending 403 Forbidden is more appropriate than saying there was an internal server error.

403 Forbidden: "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated." -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Comments and changes to this ticket

  • Lawrence Pit

    Lawrence Pit June 8th, 2010 @ 05:21 AM

    • Tag set to patch
  • Damien MATHIEU

    Damien MATHIEU June 8th, 2010 @ 07:22 AM

    You can change that yourself in your application using rescue_from

  • Lawrence Pit

    Lawrence Pit June 8th, 2010 @ 07:50 AM

    I think it should be the sensible default. Why have default @@rescue_responses at all otherwise?

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:37 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:37 PM

    • State changed from “open” to “stale”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Attachments

Tags

Pages