Filament · 3mo ago
Anish

Issue with Rate limiter

I have an application running in AWS. The application is behind the elastic load balancer. I am using the Filament panel for login. The issue is that the login page, as well as the reset password page and maybe some more pages, are showing too many login attempts even on the first attempt of login. Digging around a little bit, I realise that the Login page is using rateLimit(5). Now I thought that 5 should be the number of attempts per IP, but in my case it looks like the global bound. Digging some more, I realise that the rateLimit is defined in a trait called WithRateLimiting and it is indeed setting the IP. Since my server is behind the load balancer, it is getting the IP of the load balancer and not the client IP. I found that the IP can be obtained by using a few lines of code (obtained from the internet) and if I replace it with the request()->ip() that is used by the new ip, the problem seems to go away. But this will mean that I am changing a vendor file and when there is an update, I will lose this. Is there some other solution that I can implement? Thanks in advance for help or suggestions.
3 Replies
Dennis Koch · 3mo ago
You should configure your trusted proxies. See this Stack Overflow question: https://stackoverflow.com/questions/58780959/laravel-request-returning-load-balancer-ip-instead-of-client-ip
Dennis Koch · 3mo ago
HTTP Requests - Laravel 12.x - The PHP Framework For Web Artisans
Anish (OP) · 3mo ago
Thanks for the response. However, I tried this before posting. The request()->ip() is still returning the IP address of the load balancer. I did not have this issue earlier. I wonder if they changed this in 12.x.
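
As an added illustration of the behaviour discussed in this thread (not code from Filament, Laravel, or any poster): a simplified model of how a trusted-proxy rule picks the client IP from X-Forwarded-For, and why a per-IP limit of 5 turns into one shared bucket when the load balancer is not trusted. The function names, the exact-match trusted list and all addresses are assumptions made for the example.

```php
<?php
// Added example: a simplified model, not Laravel's or Filament's implementation.
// All addresses are constructed (RFC 5737 documentation ranges); 10.0.0.5 stands in
// for the load balancer.

/** Resolve the client IP under a trusted-proxy rule (exact-match list, no CIDR). */
function clientIp(string $remoteAddr, ?string $xff, array $trusted): string
{
    // A peer that is not a trusted proxy is treated as the client; its headers are ignored.
    if (!in_array($remoteAddr, $trusted, true) || $xff === null || trim($xff) === '') {
        return $remoteAddr;
    }
    $chain = array_map('trim', explode(',', $xff));
    // Walk right to left: the right-most entry was appended by the proxy nearest to us,
    // so anything a client wrote further left is never reached before a real address.
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        if (!in_array($chain[$i], $trusted, true)) {
            return $chain[$i];
        }
    }
    return $chain[0]; // every hop was a trusted proxy
}

/** Count login attempts per resolved IP and return the IPs that exceed $max. */
function lockedOut(array $requests, array $trusted, int $max = 5): array
{
    $hits = [];
    foreach ($requests as [$remote, $xff]) {
        $ip = clientIp($remote, $xff, $trusted);
        $hits[$ip] = ($hits[$ip] ?? 0) + 1;
    }
    return array_keys(array_filter($hits, fn (int $n): bool => $n > $max));
}

$lb = '10.0.0.5';
$requests = []; // constructed sample: [REMOTE_ADDR, X-Forwarded-For]
foreach (['203.0.113.7', '198.51.100.20', '192.0.2.44'] as $client) {
    for ($i = 0; $i < 2; $i++) {
        $requests[] = [$lb, $client]; // header as appended by the load balancer
    }
}
// A header that already had a client-supplied entry before the load balancer appended the peer.
$requests[] = [$lb, '192.0.2.99, 203.0.113.7'];

echo 'load balancer not trusted, locked out: ', implode(', ', lockedOut($requests, [])) ?: '(none)', PHP_EOL;
echo 'load balancer trusted, locked out: ', implode(', ', lockedOut($requests, [$lb])) ?: '(none)', PHP_EOL;
```

Run with `php` on the command line; the first line shows every visitor collapsing into the load balancer's bucket, the second shows separate buckets once the load balancer is in the trusted list.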