From ff21e53f5a75fbe4686d5974f9f4840ef5d3deb1 Mon Sep 17 00:00:00 2001 From: MINIT <129549180+MinitJain@users.noreply.github.com> Date: Tue, 5 May 2026 13:51:12 +0530 Subject: [PATCH] =?UTF-8?q?fix(nginx):=20correct=20real=5Fip=5Fheader=20ty?= =?UTF-8?q?po=20X-Forward-For=20=E2=86=92=20X-Forwarded-For=20(#8935)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Forward-For is not a real HTTP header — the standard is X-Forwarded-For. With the typo, Nginx never replaces $remote_addr with the actual client IP, so rate limiting and IP logging see the proxy IP instead of the real client. Affects all three nginx configs (web, admin, space). --- apps/admin/nginx/nginx.conf | 2 +- apps/space/nginx/nginx.conf | 2 +- apps/web/nginx/nginx.conf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/admin/nginx/nginx.conf b/apps/admin/nginx/nginx.conf index 0fd4a192ae..36f6281286 100644 --- a/apps/admin/nginx/nginx.conf +++ b/apps/admin/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout; diff --git a/apps/space/nginx/nginx.conf b/apps/space/nginx/nginx.conf index c0fe3730d1..e6f15b1ee3 100644 --- a/apps/space/nginx/nginx.conf +++ b/apps/space/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout; diff --git a/apps/web/nginx/nginx.conf b/apps/web/nginx/nginx.conf index 34e07ba4be..b6719971cd 100644 --- a/apps/web/nginx/nginx.conf +++ b/apps/web/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout;