Multiple error 500 Discourse InvalidAccess in default_current_user_provider.rb

Hi!

I start to have a lot of 500 errors (Discourse InvalidAccess) in my installation and try upgrading, downgrading, backuping, etc… The only way to solve the problem was editing the file /var/www/discourse/lib/auth/default_current_user_provider.rb. Modifying the line

limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,60)

By

limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,0)

Anybody know what to do this line?

Thanks in advance!

Any thoughts on this @sam? This is an older version.

could be a bug in an early version, but disabling the rate limiter is not a good idea, it is there to protect against attacks.

My guess, IP is not being reported correctly to Discourse cause the site is behind a load balancer and every request looks like it is from the same ip.

3 Likes

Thank you so much for the replies. I will check if the IP’s is not arriving correctly and then I will re-enable the recurrent protection.

You’re right… All the ips are 127.0.0.1 because all my visitors are internals users… The app is working as institutional intranet… I dont find the way to pass the real IP’s to discourse… In the nginx logs the IP’s seems fine.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.