|
From: | Emmanuel Engelhart |
Subject: | Re: [libmicrohttpd] MHD_OPTION_PER_IP_CONNECTION_LIMIT behaviour behind a reverse proxy |
Date: | Sun, 6 Feb 2022 14:58:55 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
On 06.02.22 12:39, Christian Grothoff wrote:
You're misreading the code, "5" is the numeric value of the option in the enum, not the actual default limit. The default limit is indeed zero as per the documentation (and a limit for zero means 'unlimited').
Thank you for the clarification. It makes sense.
I think your suggestion to check against X-Forwarded-For is interesting, but I wonder if in that case it would not be better/simpler to simply let the reverse proxy do this check? At least I expected that to be the case, and I think _if_ we implemented an X-Forwarded-For based check, we'd need a new option, new data structure, and it'd also imply a (minor) additional performance hit. So really the question is: if you're behind a reverse proxy, why not configure the reverse proxy to limit the number of connections per IP?
If this is not doable at microhttpd level, we will have to do it in the reverse-proxy indeed. I just though that because there is already an option in microhttpd, and because this is not unusual for Web apps to take care of this case, I would put a message about it.
My personal opinion is that it would be neat and straight forward to have microhttpd just doing the job. If you agree on the principle, we could even maybe propose a patch. But, there is for sure good arguments for both include and not include such a feature. Therefore, whatever your decision on it, I'm sure I will understand it.
Kelson -- Kiwix - Wikipedia Offline & more * Web: https://kiwix.org/ * Twitter: https://twitter.com/KiwixOffline * Wiki: https://wiki.kiwix.org/
[Prev in Thread] | Current Thread | [Next in Thread] |