Open MarkCiliaVincenti opened 1 year ago
Have you considered adding the X-Real-IP header through middleware? Here's an example:
app.Use(async (context, next) =>
{
string xfwdheader = "X-Forwarded-For";
string realipheader = "X-Real-IP";
if (context.Request.Headers.ContainsKey(xfwdheader) && !context.Request.Headers.ContainsKey(realipheader))
{
var originatingAddressTrail = context.Request.Headers[xfwdheader].ToString();
var parts = originatingAddressTrail.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length > 0) {
var clientIp = parts[0].Trim();
context.Request.Headers.Append(realipheader, new Microsoft.Extensions.Primitives.StringValues(clientIp));
}
}
await next.Invoke();
});
AspNetCoreRateLimit supports
X-Real-IP
but notX-Forwarded-For
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
Please note that
X-Forwarded-For
elements are comma-separated, with optional whitespace surrounding the commas. Only the first element is useful for us and this first element should be considered equivalent toX-Real-IP
to the best of my knowledge.