sec: FIX: rate-limit fix to work with the actual http proxy header
parent 25b7b21412
commit e9d195a2ec
2 changed files with 17 additions and 2 deletions
|
|
@ -99,6 +99,7 @@ podman run -d --name aukpad-app \
|
|||
-e MAX_TEXT_SIZE=5 \
|
||||
-e MAX_CONNECTIONS_PER_IP=20 \
|
||||
-e RETENTION_HOURS=72 \
|
||||
-e TRUST_PROXY=true \
|
||||
git.uphillsecurity.com/cf7/aukpad:latest
|
||||
```
|
||||
|
||||
|
|
@ -118,6 +119,7 @@ The following environment variables can be configured:
|
|||
| `MAX_CONNECTIONS_PER_IP` | `10` | Maximum concurrent connections per IP address |
|
||||
| `RETENTION_HOURS` | `48` | How long to retain pads in hours after last access |
|
||||
| `MAX_ROOMS` | `10000` | Maximum number of pads kept in memory; new pads are refused (WS close 1008) when full until cleanup reclaims space |
|
||||
| `TRUST_PROXY` | `false` | If `true`, read the client IP from `X-Forwarded-For` (first entry) or `X-Real-IP` for per-IP rate/connection limits. Only enable when aukpad sits behind a reverse proxy that strips/sets these headers — otherwise they can be spoofed |
|
||||
| `DESCRIPTION` | `powered by aukpad.com` | Instance description shown on info page |
|
||||
|
||||
---
|
||||
|
|
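Review bot: In the `TRUST_PROXY` row, "`X-Forwarded-For` (first entry)" is only safe if the proxy overwrites the header; a proxy that appends its own hop to an incoming `X-Forwarded-For` leaves the client-supplied value as the first entry, so the rate and connection limits can still be sidestepped with `TRUST_PROXY=true` behind a real proxy. The row should say that the proxy must replace the header rather than append to it, or the documented behaviour should use the entry added by the trusted proxy. The wording "`X-Forwarded-For` ... or `X-Real-IP`" also leaves the precedence unstated when both headers are present; spell out which one wins.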