libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] MHD_OPTION_PER_IP_CONNECTION_LIMIT behaviour behind a re


From: Emmanuel Engelhart
Subject: [libmicrohttpd] MHD_OPTION_PER_IP_CONNECTION_LIMIT behaviour behind a reverse proxy
Date: Sun, 6 Feb 2022 11:54:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

Hi,

At Kiwix, our most critical use case of libmicrohttpd is behind a reverse-proxy. One of the reason is to be able to easily provide a HTTPS end-point. With the success of HTTPS, I suspect that this might even be meanwhile a common use-case for libmicrohttpd.

Because this service has a high throughput, we keep improving the overall performance and better secure the stability of the service. This is why we consider using MHD_OPTION_PER_IP_CONNECTION_LIMIT to better handle how the connections are distributed.

My first remark/question is about microhttpd.h. It is written in the comment "The default is zero", but actually the code stays that "MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5". I find it pretty confusing to understand what is the default behaviour if nothing is specified!

The second point is regarding the behaviour if the daemon is behind a reverse-proxy. From what I see in the code, in such a scenario the reverse-proxy IP will be interpreted as the client IP, right (which means that it won't probably behave like expected)? If "yes", have you consider to check first https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For? In such a case the daemon would always behave properly IMO.

Regards
Kelson

--
Kiwix - Wikipedia Offline & more
* Web: https://kiwix.org/
* Twitter: https://twitter.com/KiwixOffline
* Wiki: https://wiki.kiwix.org/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]