httpx

pkg/httpx

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aleksey Shakhmatov	2d4a06e715	Harden RateLimit against X-Forwarded-For spoofing Key on RemoteAddr by default; honor X-Forwarded-For only when the peer is a configured trusted proxy (WithTrustedProxies), walking right-to-left to the first untrusted hop. This closes a trivial rate-limit bypass and the matching unbounded-bucket DoS via spoofed headers. Add WithMaxKeys with opportunistic eviction of idle (fully-refilled) buckets to bound memory. Drop the hand-rolled indexOf in favor of stdlib.	2026-05-23 13:47:08 +03:00
Aleksey Shakhmatov	3395f70abd	Add server RateLimit middleware with per-key token bucket Protects against abuse with configurable rate/burst per client IP. Supports custom key functions, X-Forwarded-For extraction, and Retry-After headers on 429 responses. Uses internal/clock for testability. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-22 21:47:51 +03:00

Author

SHA1

Message

Date

Aleksey Shakhmatov

2d4a06e715

Harden RateLimit against X-Forwarded-For spoofing

Key on RemoteAddr by default; honor X-Forwarded-For only when the peer is
a configured trusted proxy (WithTrustedProxies), walking right-to-left to
the first untrusted hop. This closes a trivial rate-limit bypass and the
matching unbounded-bucket DoS via spoofed headers. Add WithMaxKeys with
opportunistic eviction of idle (fully-refilled) buckets to bound memory.
Drop the hand-rolled indexOf in favor of stdlib.

2026-05-23 13:47:08 +03:00

Aleksey Shakhmatov

3395f70abd

Add server RateLimit middleware with per-key token bucket

Protects against abuse with configurable rate/burst per client IP.
Supports custom key functions, X-Forwarded-For extraction, and
Retry-After headers on 429 responses. Uses internal/clock for
testability.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-22 21:47:51 +03:00

2 Commits