Skip to content

rate-limiting: trusted-proxy client-IP handling (blocker) #56

Description

@disconsented

⚠️ Blocker for IP-based rate limiting. Settle how the real client IP reaches the process before any IP bucket goes live.

Problem

The app binds 0.0.0.0:5800 directly (src/web/mod.rs:92) with no reverse-proxy config in the repo, but runs at a public domain — so it's almost certainly behind a reverse proxy / Cloudflare in production. That means:

  • A naive IP issuer sees the proxy's IP for every request → rate-limits all users as one (self-inflicted outage).
  • Blindly trusting X-Forwarded-For lets a client spoof its IP and dodge the limit entirely.

Scope

  • Confirm the production topology (proxy? Cloudflare? direct?).
  • Configure client-IP extraction to trust X-Forwarded-For / CF-Connecting-IP only from the known proxy hop.
  • Verify whether salvo's IP issuer honours forwarded headers or whether a small custom issuer is needed.
  • Record the assumed topology in config so it can't silently regress.

Blocks

Parent: #50

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions