Logs are polluted with the "No IP address found for rate limiting" message
Hello there! Thanks for the great library, it is really easy and straightforward to use it ๐
After bumping to the latest
better-auth version (1.3.4), I noticed that my logs became polluted with the No IP address found for rate limiting message that comes from this place in the better-auth lib.
This change was introduced 2 weeks ago by this commit alongside the docs updates on how to configure rate limiting for Cloudflare.
I started investigating the cause of seeing this error message, and it appeared that there are 2 scenarios that lead to it:
- internal healthcheck that comes from within the cluster rather than through the internet, so therefore it doesn't go through Cloudflare, and required headers (cf-connecting-ip, x-forwarded-for, cf-pseudo-ipv4) are not present there
- better-auth internals for NextJS (docs) for obtaining a session that, currently, requires to perform an API call via auth.api.getSession . This call triggers the No IP address found for rate limiting log being fired, as Cloudflare headers are not present again, as NextJS makes this call internally.
Polluting logs is not the best outcome, as they become quite unreadable due to the frequency of these 2 calls, + it increases the costs of the logs aggregators that usually charge for the log ingestion size.
It would be great if it is possible to disable this log message via config, or, even better, having it disabled by default, as that's the least intrusive approach.
Please, let me know whether that makes sense or whether I should share more details.
ThanksGitHub
docs: extend rate limiting docs and add small warning (#3365) ยท be...
* refactor: remove useless variable assignment
* refactor: remove unused param
* docs: extend rate limit docs to include info about connecting ip address and how it's used
* fix: linting
Next.js integration | Better Auth
Integrate Better Auth with Next.js.
GitHub
better-auth/packages/better-auth/src/api/rate-limiter/index.ts at m...
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
2 Replies
Heyo , nice catch , made a pr to remove it. thanks ๐ฅฐ.
Thanks, Robi