traffic limiter would fail behind a reverse proxy / load balancer.

Adding configuration option to set the trusted HTTP header to get the visitors IP in such a case (avoiding security issue if malicious clients just set these headers themselfs)
2015-09-18 22:31:01 +02:00
parent 801cdc627e
commit 47efedf23c
2 changed files with 16 additions and 1 deletions
--- a/cfg/conf.ini
+++ b/cfg/conf.ini
@@ -71,6 +71,12 @@ markdown = "Markdown"
 ; time limit between calls from the same IP address in seconds
 ; Set this to 0 to disable rate limiting.
 limit = 10
+
+; (optional) if your website runs behind a reverse proxy or load balancer,
+; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
+; header = "X_FORWARDED_FOR"
+
+; directory to store the traffic limits in
 dir = PATH "data"

 [model]