Troubleshooting a 429 (rate limit)

mpalmer · February 21, 2018, 1:54am

If nginx isn’t stripping untrusted XFF, and Discourse is seeing a request from 127.0.0.1 and saying “I trust that IP to give me legit XFF headers”, doesn’t that imply that source IP can be spoofed?

Topic		Replies	Views
Problem Error 429 with Reverse proxy Self-hosting	4	1144	April 30, 2024
Rate Limiting w/ Reverse Proxy Self-hosting	3	692	November 16, 2021
Discourse shows server IP/localhost as user's IP Self-hosting unsupported-install	19	2152	July 12, 2022
All IPs recorded as 127.0.0.1 Self-hosting	6	2753	June 16, 2019
429 Too Many Requests - IP logs disabled - discourse can see 127.0.0.1 only Support	2	639	March 9, 2022

Troubleshooting a 429 (rate limit)

Related topics