Flask App Keeps Getting Called From 192.168.0.x

I'm not sure if this is the right place to ask, but I noticed that my app is getting calls from 192.168.0.x. I suspect this is causing my memory usage to keep climbing. This is a new site, I don't think anyone knows about it yet. I don't know what I did wrong.
12 Replies
Percy (10mo ago)
Project ID: 6d001e3f-d28c-4fb5-94b0-a4e5a804bb73
ardin1207 (10mo ago)
6d001e3f-d28c-4fb5-94b0-a4e5a804bb73
Adam (10mo ago)
looks like you’re getting targeted, i’ve never seen this before. does your service have a public link?
ardin1207 (10mo ago)
what do you mean by targeted? yes it has
Adam (10mo ago)
someone has a bot trying to get into your app. unless you have anything private in there, you’ll be fine
ardin1207 (10mo ago)
ah yes, someone tried to buy my site once but i declined. i was suspecting this as well. then earlier today i implemented a rate limiter. it stopped some requests (the 429 above in the screenshot) but i couldn't access the url that got 429 myself either.
Adam (10mo ago)
Looks like they’re just iterating through a dictionary of words trying to find an endpoint. I wouldn’t worry about it since you’ve implemented a rate limit
Brody (10mo ago)
it does look like some silly bot, but it's 192.168.0.x because that's railway's proxy and you haven't trusted the proxy header X-Forwarded-For that shows the origin ip
ardin1207 (10mo ago)
ah thanks @Brody i've been wondering why it shows 192.168.0.x. how do i trust the proxy header so i can rate limit it properly?
Brody (10mo ago)
nearly every framework in existence has a "trust proxy" or "real ip" middleware that looks at some proxy headers and updates the request object with the values from some proxy headers
ardin1207 (10mo ago)
thanks! i'm trying it now. after printing the user agent, turns out the request came from moz crawler. i set up crawler rules in the robots.txt, now it's fine.
Brody (10mo ago)
perfect, glad you found a solution!
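
As an added illustration of the "trust proxy" step Brody describes (not code posted by anyone in the thread): a standard-library WSGI sketch of what such middleware does, and of why a limiter keyed on the proxy address also returned 429 to the site owner. The single trusted hop, the names `client_ip`, `TrustProxy`, `limited_app` and `replay`, and the sample addresses are assumptions; in a Flask app, Werkzeug's `ProxyFix(app.wsgi_app, x_for=1)` plays this role.

```python
import ipaddress
from collections import Counter


def client_ip(remote_addr, xff_header, trusted_hops=1):
    # Each proxy appends the peer it saw, so with N trusted proxies only the
    # Nth entry from the right is reliable; entries left of it are client input.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if trusted_hops < 1 or len(hops) < trusted_hops:
        return remote_addr  # header missing or too short: keep socket peer
    try:
        return str(ipaddress.ip_address(hops[-trusted_hops]))
    except ValueError:
        return remote_addr  # malformed entry: keep socket peer


class TrustProxy:
    """WSGI middleware: rewrite REMOTE_ADDR from X-Forwarded-For."""
    def __init__(self, app, trusted_hops=1):
        self.app, self.trusted_hops = app, trusted_hops
    def __call__(self, environ, start_response):
        environ["REMOTE_ADDR"] = client_ip(
            environ.get("REMOTE_ADDR", ""),
            environ.get("HTTP_X_FORWARDED_FOR", ""), self.trusted_hops)
        return self.app(environ, start_response)


def limited_app(limit):
    """Toy limiter keyed on REMOTE_ADDR, standing in for a real rate limiter."""
    seen = Counter()
    def app(environ, start_response):
        seen[environ["REMOTE_ADDR"]] += 1
        over = seen[environ["REMOTE_ADDR"]] > limit
        start_response("429 Too Many Requests" if over else "200 OK", [])
        return [b""]
    return app


def replay(app, requests):
    """Send (socket peer, X-Forwarded-For) pairs; return the status codes."""
    codes = []
    for peer, xff in requests:
        env = {"REMOTE_ADDR": peer, "HTTP_X_FORWARDED_FOR": xff}
        app(env, lambda status, headers: codes.append(int(status[:3])))
    return codes


# Constructed traffic: a crawler (3 requests) and the owner (1), same proxy.
SAMPLE = [("192.168.0.2", "203.0.113.7")] * 3 + [("192.168.0.2", "198.51.100.9")]
```

`replay(limited_app(2), SAMPLE)` puts every request in one bucket, so the owner's request is rejected along with the crawler's; wrapping the app in `TrustProxy` gives each origin its own bucket. The hop count has to match the number of proxies actually in front of the app, because any entry further left in the header is supplied by the client.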