[libmicrohttpd] MHD_OPTION_PER_IP_CONNECTION_LIMIT behaviour behind a reverse proxy

[Emmanuel Engelhart]

Hi,

At Kiwix, our most critical use case of libmicrohttpd is behind a 
reverse-proxy. One of the reason is to be able to easily provide a HTTPS 
end-point. With the success of HTTPS, I suspect that this might even be 
meanwhile a common use-case for libmicrohttpd.

Because this service has a high throughput, we keep improving the 
overall performance and better secure the stability of the service. This 
is why we consider using MHD_OPTION_PER_IP_CONNECTION_LIMIT to better 
handle how the connections are distributed.

My first remark/question is about microhttpd.h. It is written in the 
comment "The default is zero", but actually the code stays that 
"MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5". I find it pretty confusing to 
understand what is the default behaviour if nothing is specified!

The second point is regarding the behaviour if the daemon is behind a 
reverse-proxy. From what I see in the code, in such a scenario the 
reverse-proxy IP will be interpreted as the client IP, right (which 
means that it won't probably behave like expected)? If "yes", have you 
consider to check first 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For? 
In such a case the daemon would always behave properly IMO.

Regards
Kelson

--
Kiwix - Wikipedia Offline & more
* Web: https://kiwix.org/
* Twitter: https://twitter.com/KiwixOffline
* Wiki: https://wiki.kiwix.org/