afnix/infra
2
1
Fork 8
Code Issues 51 Code Review (Gerrit) Projects 2 Releases Packages Wiki Activity

Our reaction defenses for Forgejo are useless #293

New issue
Closed
opened 2025-08-27 19:04:55 +00:00 by raito · 1 comment
raito commented 2025-08-27 19:04:55 +00:00 (Migrated from git.lix.systems)
Copy link
Aug 27 19:03:12 lix forgejo[3758191]: router: slow      GET /lix-project/lix/issues?
assignee=60&labels=121%2C154%2C155%2C156%2C161%2C192%2C193%2C194%2C196%2C199%2C200%2C201%2C202%2C207%2C233%2C235%2C243%2C248%2C251&milestone=55&poster=0&project=19&sort=latest&state=closed&type=all for 127.0.0.1:0, elapsed 3014.2ms @ repo/issue.go:509(repo.Issues)

Here's the sort of log lines we have, notice that we are not able to see through the real IP used to contact us.

I suppose this is a X-Forward shaped bug related to NGINX.

``` Aug 27 19:03:12 lix forgejo[3758191]: router: slow GET /lix-project/lix/issues? assignee=60&labels=121%2C154%2C155%2C156%2C161%2C192%2C193%2C194%2C196%2C199%2C200%2C201%2C202%2C207%2C233%2C235%2C243%2C248%2C251&milestone=55&poster=0&project=19&sort=latest&state=closed&type=all for 127.0.0.1:0, elapsed 3014.2ms @ repo/issue.go:509(repo.Issues) ``` Here's the sort of log lines we have, notice that we are not able to see through the real IP used to contact us. I suppose this is a X-Forward shaped bug related to NGINX.
raito commented 2025-08-27 20:52:28 +00:00 (Migrated from git.lix.systems)
Copy link

There were no proxy headers I think in NGINX. I implemented a fix at 20:33:00 CEST, and all IPs came.

There were no proxy headers I think in NGINX. I implemented a fix at 20:33:00 CEST, and all IPs came.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
ci-config
sandbox/raito/ci-config
No results found.
Labels
Clear labels   
Compat/Breaking

Breaking change that won't be backward compatible

  
Difficulty/Architectural

Requires changes in multiple pieces of the stack: the Nix interpreter, etc.

  
Difficulty/Easy

Infrastructure beginner friendly tasks

  
Difficulty/Hard

Requires prior knowledge, research and design

  
Help Wanted

Looking for a first task to pick? This one is looking for somefew to do it as well!

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Testing

Issue or pull request related to testing

  
Priority/Critical

The priority is critical

  
Priority/High

The priority is high

  
Priority/Low

The priority is low

  
Priority/Medium

The priority is medium

  
Reviewed/Confirmed

Issue has been confirmed

  
Reviewed/Duplicate

This issue or pull request already exists

  
Reviewed/Invalid

Invalid issue

  
Reviewed/Won't Fix

This issue won't be fixed

  
Security

This is a security issue

  
Silenced Alert

This issue was created to track a silenced alert which needs remediation work.

  
Status/Abandoned

Somebody has started to work on this but abandoned work

  
Status/Blocked

Something is blocking this issue or pull request

  
Status/Need More Info

Feedback is required to reproduce issue or to continue work

  
Status/Postponed

We can do this later

  
Tracking Issue

Umbrella issue of many things at the same time

No labels
Compat/Breaking
Difficulty/Architectural
Difficulty/Easy
Difficulty/Hard
Help Wanted
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Testing
Priority/Critical
Priority/High
Priority/Low
Priority/Medium
Reviewed/Confirmed
Reviewed/Duplicate
Reviewed/Invalid
Reviewed/Won't Fix
Security
Silenced Alert
Status/Abandoned
Status/Blocked
Status/Need More Info
Status/Postponed
Tracking Issue
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
afnix/infra#293
No description provided.