Skip to content

Fix Rate Limiting for Cloud Environments #1

Description

@viceda-s

Problem: The current IP rate limiter uses request.getRemoteAddr(), which returns the Load Balancer's IP in cloud environments, effectively sharing one rate limit across all global users.

Acceptance Criteria:

  • Update IpRateLimitFilter to extract the client IP using the X-Forwarded-For header.
  • Fallback to getRemoteAddr() only if the header is missing.
  • Write a unit test simulating requests with and without the X-Forwarded-For proxy header.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingsecuritySecurity and reliability

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions