Multiple error 500 Discourse InvalidAccess in default_current_user_provider.rb


(Julian Somoza) #1

Hi!

I started to have a lot of 500 errors (Discourse InvalidAccess) in my installation and tried upgrading, downgrading, backing up, etc… The only way to solve the problem was editing the file /var/www/discourse/lib/auth/default_current_user_provider.rb, changing the line

limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN, 60)

to

limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN, 0)

Does anybody know what this line does?

Thanks in advance!


#3

Can confirm that this worked for our installation, too. We are running version 1.8.9 +1


(Jeff Atwood) #4

Any thoughts on this @sam? This is an older version.


(Sam Saffron) #5

Could be a bug in an early version, but disabling the rate limiter is not a good idea; it is there to protect against attacks.

My guess: the IP is not being reported correctly to Discourse because the site is behind a load balancer and every request looks like it is from the same IP.


(Julian Somoza) #6

Thank you so much for the replies. I will check if the IPs are not arriving correctly and then I will re-enable the recurrent protection.


(Julian Somoza) #7

You’re right… All the IPs are 127.0.0.1 because all my visitors are internal users… The app is working as an institutional intranet… I don’t find the way to pass the real IPs to Discourse… In the nginx logs the IPs seem fine.
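
The failure mode diagnosed in this thread, as an added example that is not part of the original posts and not Discourse's own code: a limiter keyed on `cookie_auth_#{ip}` puts every visitor in one bucket when the app only sees the proxy's address, and separates them again once the client address is taken from `X-Forwarded-For` sent by a trusted proxy. `ToyLimiter`, `client_ip`, the trusted-proxy list, the limit of 10 and the sample requests are assumptions made for the illustration.

```ruby
require "ipaddr"

# Hypothetical stand-in for a per-key limiter: at most `max` hits per key.
# Window expiry is omitted; all sample requests fall inside one window.
class ToyLimiter
  def initialize(max)
    @max = max
    @hits = Hash.new(0)
  end

  # true if the request is allowed, false once the key is over its limit
  def allow?(key)
    (@hits[key] += 1) <= @max
  end
end

TRUSTED_PROXIES = [IPAddr.new("127.0.0.1/32")].freeze # assumption: nginx on the same host

def parse_ip(text)
  IPAddr.new(text.to_s.strip)
rescue IPAddr::Error
  nil # malformed header entries are ignored
end

def trusted?(ip)
  !ip.nil? && TRUSTED_PROXIES.any? { |net| net.include?(ip) }
end

# Honour X-Forwarded-For only when the TCP peer is a trusted proxy, then take
# the right-most hop that is not itself a trusted proxy.
def client_ip(remote_addr, forwarded_for)
  return remote_addr unless trusted?(parse_ip(remote_addr))
  hops = forwarded_for.to_s.split(",").map { |h| parse_ip(h) }.compact
  client = hops.reverse.find { |ip| !trusted?(ip) }
  client ? client.to_s : remote_addr
end

# Number of rejected requests for a list of [remote_addr, x_forwarded_for] pairs.
def rejected(requests, max:, use_forwarded:)
  limiter = ToyLimiter.new(max)
  requests.count do |remote, xff|
    ip = use_forwarded ? client_ip(remote, xff) : remote
    !limiter.allow?("cookie_auth_#{ip}")
  end
end

# Constructed sample: 5 intranet users, 4 requests each, all arriving via local nginx.
SAMPLE = (1..5).flat_map { |u| [["127.0.0.1", "10.0.0.#{u}"]] * 4 }
```

Because the header is ignored unless the peer is in `TRUSTED_PROXIES`, a client that connects directly cannot choose its own rate-limit bucket by sending a forged `X-Forwarded-For`.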