Understanding how NUM_PROXIES works #9060
-
Hi there, I'm not sure if I fully understand how According to the documentation and #3234 using When we have this information in X-Forwarded-For If so, then the test cases for spoofing look wrong. In the test cases we have the following setup code: django-rest-framework/tests/test_throttling.py Lines 396 to 397 in 589b5dc Rate is limited to 1 request per day, so that only one request from the same IP is accepted and all following requests are denied. I left this out from the snippet to focus on the relevant parts. This is the test case: django-rest-framework/tests/test_throttling.py Lines 414 to 419 in 589b5dc
Then in line 418 the X-Forwarded-For header is modified. The first IP after the proxy Looking at the implementation of django-rest-framework/rest_framework/throttling.py Lines 36 to 38 in 589b5dc When Those code parts haven't changed for about a decade. That's why I'm really not sure, if I totally misunderstand how it's supposed to work ;) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Ah, the problem was on my side! First I counted the number of proxies in my environment wrong, I've missed one. And second I've missed the fact that the last proxy isn't in X-Forwarded-For, of course! Closing this discussion, but I hope it saves some time for others when struggling with similar problems. |
Beta Was this translation helpful? Give feedback.
Ah, the problem was on my side! First I counted the number of proxies in my environment wrong, I've missed one. And second I've missed the fact that the last proxy isn't in X-Forwarded-For, of course!
Closing this discussion, but I hope it saves some time for others when struggling with similar problems.