Limiter v2.1.0

@novln released this 10 Nov 10:47
· 302 commits to master since this release
0d25c13

This release changes the default behaviour for retrieving the real client IP.

There was a security issue caused by trusting the `X-Forwarded-For` and `X-Real-Ip` headers: if your server wasn't running behind a well-configured reverse proxy, someone could spoof their IP address to the limiter.

With this release, you have to explicitly opt in to using these headers.
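The difference between the old and new defaults, as an added example that is not Limiter's own code: `clientIP`, `keyFor` and `distinctKeys` are hypothetical helpers built on the standard library, and the addresses are constructed from documentation ranges. It counts how many rate-limit keys one TCP peer produces when it sends a different `X-Forwarded-For` value on each request.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// clientIP (hypothetical helper) returns the address used as the rate-limit key.
// Forwarding headers are consulted only when the caller explicitly opts in.
func clientIP(r *http.Request, trustForwardHeader bool) string {
	if trustForwardHeader {
		first := strings.TrimSpace(strings.Split(r.Header.Get("X-Forwarded-For"), ",")[0])
		if ip := net.ParseIP(first); ip != nil {
			return ip.String()
		}
		if ip := net.ParseIP(strings.TrimSpace(r.Header.Get("X-Real-Ip"))); ip != nil {
			return ip.String()
		}
	}
	// Default: the TCP peer address, which a request header cannot change.
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// keyFor builds a constructed request from remoteAddr carrying the given header.
func keyFor(remoteAddr, xff string, trust bool) string {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.RemoteAddr = remoteAddr
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return clientIP(r, trust)
}

// distinctKeys counts the limiter keys seen for n requests from one peer.
func distinctKeys(n int, trust bool) int {
	seen := map[string]struct{}{}
	for i := 0; i < n; i++ {
		seen[keyFor("198.51.100.7:40000", fmt.Sprintf("203.0.113.%d", i+1), trust)] = struct{}{}
	}
	return len(seen)
}

func main() { fmt.Println(distinctKeys(5, true), distinctKeys(5, false)) }
```

With the headers trusted, every request lands in a fresh bucket, so the limit never applies; with the opt-in left off, all requests share the peer's bucket.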