|
From: | Emmanuel Engelhart |
Subject: | [libmicrohttpd] MHD_OPTION_PER_IP_CONNECTION_LIMIT behaviour behind a reverse proxy |
Date: | Sun, 6 Feb 2022 11:54:36 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
Hi,At Kiwix, our most critical use case of libmicrohttpd is behind a reverse-proxy. One of the reason is to be able to easily provide a HTTPS end-point. With the success of HTTPS, I suspect that this might even be meanwhile a common use-case for libmicrohttpd.
Because this service has a high throughput, we keep improving the overall performance and better secure the stability of the service. This is why we consider using MHD_OPTION_PER_IP_CONNECTION_LIMIT to better handle how the connections are distributed.
My first remark/question is about microhttpd.h. It is written in the comment "The default is zero", but actually the code stays that "MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5". I find it pretty confusing to understand what is the default behaviour if nothing is specified!
The second point is regarding the behaviour if the daemon is behind a reverse-proxy. From what I see in the code, in such a scenario the reverse-proxy IP will be interpreted as the client IP, right (which means that it won't probably behave like expected)? If "yes", have you consider to check first https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For? In such a case the daemon would always behave properly IMO.
Regards Kelson -- Kiwix - Wikipedia Offline & more * Web: https://kiwix.org/ * Twitter: https://twitter.com/KiwixOffline * Wiki: https://wiki.kiwix.org/
[Prev in Thread] | Current Thread | [Next in Thread] |