Closed
Bug 1095161
Opened 10 years ago
Closed 10 years ago
Rate limiting breaks when behind an ELB
Categories
(Webmaker Graveyard :: Login, defect)
Webmaker Graveyard
Login
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: cade, Assigned: cade)
References
Details
(Whiteboard: [login3] [nov14])
Attachments
(3 files)
The webmaker auth middleware is trying to send along the source ip of a request as an x-forwarded-for header.
This breaks when the login server itself is behind an ELB and overwrites that header with the source IP of the app server sending the request.
|
Assignee | |
Comment 1•10 years ago
|
||
|
|
Assignee | |
Comment 2•10 years ago
|
||
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8518504 -
Flags: review?(jon)
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8518505 -
Flags: review?(jon)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8518504 [details] [review]
https://github.com/mozilla/webmaker-auth/pull/18
r+, but when you tag this, make sure it's a major version change since you removed some API bits.
Attachment #8518504 -
Flags: review?(jon) → review+
|
|
||
Updated•10 years ago
|
Attachment #8518505 -
Flags: review?(jon) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
This is working, but better handling needs to be added to the webmaker-auth handlers so that 429's are properly forwarded to the client.
|
|
Assignee | |
Comment 5•10 years ago
|
||
Attachment #8520744 -
Flags: review?(jon)
|
|
||
Updated•10 years ago
|
Attachment #8520744 -
Flags: review?(jon) → review+
|
|
Assignee | |
Comment 6•10 years ago
|
||
updated apps: webmakerorg, events, profile
todo: popcorn, thimble, goggles, appmaker
|
|
Assignee | |
Comment 7•10 years ago
|
||
All apps on staging now have the rate limiting fix in place!
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•