![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dreamwidth/dreamwidth] a16c0d: Use LJ::get_remote_ip() instead of raw REMOTE_ADDR...
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: a16c0dc6a2b0f6f522ff4b1932900ca9cbe3bfa7 https://github.com/dreamwidth/dreamwidth/commit/a16c0dc6a2b0f6f522ff4b1932900ca9cbe3bfa7 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-15 (Sun, 15 Feb 2026)
Changed paths: M cgi-bin/DW/Captcha/reCAPTCHA.pm M cgi-bin/Plack/Middleware/DW/RateLimit.pm
Log Message:
Use LJ::get_remote_ip() instead of raw REMOTE_ADDR in Plack middleware
RateLimit.pm was reading $env->{REMOTE_ADDR} directly, which under the ALB is the load balancer's internal IP, not the client's. The Apache path uses LJ::get_remote_ip() which goes through DW::Request and picks up the real IP set by the XForwardedFor middleware. Match that behavior.
Same issue in reCAPTCHA.pm which was reading $ENV{REMOTE_ADDR} (the process-level env var) — also wrong under Plack/Starman.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications