Rescue ActionDispatch::RemoteIp::IpSpoofAttackError

[wjordan]

#from_whitelisted_ip? should return false instead of raising an ActionDispatch::RemoteIp::IpSpoofAttackError exception.

This fixes an issue introduced by fc321fd, where spoofed-ip requests will always raise an exception in the Rack middleware stack at WebConsole::Middleware, effectively ignoring the config.action_dispatch.ip_spoofing_check setting whenever the Web Console is in the application stack.

With this PR, access to the Web Console will still be denied to spoofed-ip requests, but the request will continue to be passed up the stack to ActionDispatch::RemoteIp, where the app will still raise IpSpoofAttackError unless config.action_dispatch.ip_spoofing_check is false.

Fixes rails/rails#32379.

[rails-bot]

Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @gsamokovarov (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

[gsamokovarov]

Hey @wjordan, thank you for the fix! Can you take a look at the test failure? At first, it doesn't seem related to your change, but the master tests are green.

[gsamokovarov]

I've looked into the failure, it's not related to your change and I'll fix it in a bit.