Preserve forwarded IP address for trusted proxy chains#1224
Merged
tenderlove merged 1 commit intorack:masterfrom Apr 14, 2018
Merged
Preserve forwarded IP address for trusted proxy chains#1224tenderlove merged 1 commit intorack:masterfrom
tenderlove merged 1 commit intorack:masterfrom
Conversation
Sometimes proxies make requests to Rack applications, for example HAProxy health checks and so on. Previously the forwarded IP implementation ate up these IP addresses, making it hard to tell in Rack applications who made the request
Contributor
|
Yeah, this sounds right to me (see also rails/rails#14600, which I've still never revisited 😔) |
Contributor
Author
Contributor
Author
|
failures seem unrelated, travis config here is a bit ill timeout in one case, broken on ruby head in another due to rack |
Contributor
Author
|
anything? anyone? |
Contributor
Author
|
Almost the same PR is here: #1160 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sometimes proxies make requests to Rack applications, for example
HAProxy health checks and so on.
Previously the forwarded IP implementation ate up these IP addresses,
making it hard to tell in Rack applications who made the request.
@rafaelfranca @matthewd thoughts on this?
Rack is eating up my IP addresses so its totally mucking with my rate limiter.
My actual problem is that I have a "global" rate limiter in the app and for whatever crazy reason AWS ELB loves making enormous amounts of requests for its health checks, I noticed just for meta.discourse.org we had 5 different load balancers checking every cycle. They all have unique private IP addresses though, but the traffic goes ELB -> NGINX -> Unicorn. So it needs to get the ELB address out as remote IP which is a private IP.