Skip to content

Fix Proxy web server middleware order#51386

Merged
rosstimothy merged 1 commit intomasterfrom
tross/http_middleware_order
Jan 23, 2025
Merged

Fix Proxy web server middleware order#51386
rosstimothy merged 1 commit intomasterfrom
tross/http_middleware_order

Conversation

@rosstimothy
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy commented Jan 22, 2025

The limiter middleware was being executed prior to the middleware responsible updating the client IP from X-Forwarded-For headers. This results in erroneously enforcing connection limits in NAT environments.

changelog: Fix an issue that prevented IPs provided in the X-Forwarded-For header from being honored in some scenarios when TrustXForwardedFor is enabled.

@rosstimothy
Fix Proxy web server middleware order
b762d38 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
@rosstimothy rosstimothy force-pushed the tross/http_middleware_order branch from a944f46 to b762d38 Compare January 23, 2025 00:00
@rosstimothy rosstimothy marked this pull request as ready for review January 23, 2025 00:21
@github-actions github-actions Bot requested review from creack and espadolini January 23, 2025 00:21
espadolini
espadolini approved these changes Jan 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@espadolini espadolini left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we apply the limiter before the tracing?

edit: it already is, nevermind

edit 2: is it? 🤔

@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from creack January 23, 2025 00:54
@tigrato
Copy link
Copy Markdown
Contributor

tigrato commented Jan 23, 2025

Should we apply the limiter before the tracing?

edit: it already is, nevermind

edit 2: is it? 🤔

No it's not. Xff - tracing -limiter is the correct order of execution

@rosstimothy rosstimothy added this pull request to the merge queue Jan 23, 2025
@greedy52 greedy52 mentioned this pull request Jan 23, 2025
Closed
Merged via the queue into master with commit 2617a3d Jan 23, 2025
@rosstimothy rosstimothy deleted the tross/http_middleware_order branch January 23, 2025 15:57
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Jan 23, 2025

@rosstimothy See the table below for backport results.

Branch Result
branch/v15 Failed
branch/v16 Failed
branch/v17 Create PR

@rosstimothy rosstimothy mentioned this pull request Jan 23, 2025
Merged
rosstimothy added a commit that referenced this pull request Jan 23, 2025
@rosstimothy
Fix Proxy web server middleware order (#51386)
6e01eea 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
@rosstimothy rosstimothy mentioned this pull request Jan 23, 2025
Merged
rosstimothy added a commit that referenced this pull request Jan 23, 2025
@rosstimothy
Fix Proxy web server middleware order (#51386)
65e9e7e 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
@rosstimothy rosstimothy mentioned this pull request Jan 23, 2025
Merged
github-merge-queue Bot pushed a commit that referenced this pull request Jan 23, 2025
@rosstimothy
Fix Proxy web server middleware order (#51386) (#51424)
d1fb91a 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
github-merge-queue Bot pushed a commit that referenced this pull request Jan 23, 2025
@rosstimothy
Fix Proxy web server middleware order (#51386) (#51425)
1a304eb 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
carloscastrojumo pushed a commit to carloscastrojumo/teleport that referenced this pull request Feb 19, 2025
@rosstimothy @carloscastrojumo
Fix Proxy web server middleware order (gravitational#51386)
2888c6e 
The limiter middleware was being executed prior to the middleware
responsible updating the client IP from X-Forwarded-For headers.
This results in erroneously enforcing connection limits in NAT
environments.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@espadolini espadolini espadolini approved these changes

@tigrato tigrato tigrato approved these changes

+1 more reviewer

@creack creack creack approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/branch/v17 size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rosstimothy @tigrato @creack @espadolini