Hi
As per the documentation of the rate limit plugin, the Rate Limiting plugin will throttle client requests based on the client_ip of the end user.
What if there is a corporate proxy between end user and API GW? The typical request flow that I am thinking about looks like this: End user (browser) —> corporate proxy —> Load balancer —> Kong API GW
In this case, even if we use x-forwarded-for (with load balancer) OR remote_addr (without load balancer) to determine the actual end user's IP address, will it give it correctly OR will it be that of the corporate proxy server?
Thanks in advance
1 Like
Hi
Can anybody help me to understand the above behaviour of the Rate Limit plugin?
Thanks in Advance
1 Like
I've had the same problem.
Anyone else?
Kong's rate limiting plugin is going to pull the IP address using the kong.client.get_forwarded_ip() PDK method, a method which uses Kong's understanding of the forwarded or client IP address. You can configure how Kong detects the forwarded IP address using the trusted_ips, real_ip_header, and real_ip_recursive configurations within kong.conf. See the linked documentation for how to configure those values.
For an example, here is how we configure those configuration variables:
trusted_ips = <comma-delimited list of IP addresses for our load balancer>
real_ip_header = X-Forwarded-For
real_ip_recursive = on
Hope that helps.
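
To make the effect of these three settings concrete for the browser -> corporate proxy -> load balancer -> Kong flow asked about above, here is an added example (not from the thread or from Kong's code base) that models the right-to-left X-Forwarded-For walk of the nginx real-IP logic that Kong builds on. It is a simplified model written for illustration; the function name and all addresses are constructed.

```python
import ipaddress

def resolve_client_ip(remote_addr, xff, trusted_ips, recursive=True):
    """Simplified model of real_ip_header = X-Forwarded-For resolution."""
    nets = [ipaddress.ip_network(t) for t in trusted_ips]

    def trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in n for n in nets)

    client = remote_addr
    if not trusted(client):
        return client                  # peer is not trusted: header is ignored
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):         # walk from the nearest hop outwards
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                      # unparsable entry: keep what we have
        client = hop
        if not recursive or not trusted(hop):
            break                      # first untrusted hop is the client
    return client

# Constructed addresses (documentation ranges), not taken from the thread.
LB, PROXY = "192.0.2.10", "198.51.100.7"
USER_A, USER_B, FORGED = "10.20.30.40", "10.20.30.41", "203.0.113.99"

if __name__ == "__main__":
    # Only the load balancer is trusted: every user behind the corporate
    # proxy resolves to the proxy address and shares one rate-limit counter.
    print(resolve_client_ip(LB, f"{USER_A}, {PROXY}", [LB]))
    print(resolve_client_ip(LB, f"{USER_B}, {PROXY}", [LB]))
    # A forged left-most entry is ignored while trusted_ips stays narrow...
    print(resolve_client_ip(LB, f"{FORGED}, {USER_A}, {PROXY}", [LB]))
    # ...but trusting everything lets the sender choose its own identity.
    print(resolve_client_ip(LB, f"{FORGED}, {USER_A}, {PROXY}", ["0.0.0.0/0"]))
```

With only the load balancer in trusted_ips, the limit is applied per corporate proxy, not per end user; listing the proxy as trusted as well resolves to the internal address the proxy reports, which is only as reliable as that proxy.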