github: shadowy octopus with the head of a robot, emblazoned with the Dreamwidth swirl (Default)
github ([personal profile] github) wrote in [site community profile] changelog2026-02-15 09:25 am
  • Add Memory
  • Share This Entry

[dreamwidth/dreamwidth] a16c0d: Use LJ::get_remote_ip() instead of raw REMOTE_ADDR...

Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: a16c0dc6a2b0f6f522ff4b1932900ca9cbe3bfa7 https://github.com/dreamwidth/dreamwidth/commit/a16c0dc6a2b0f6f522ff4b1932900ca9cbe3bfa7 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-15 (Sun, 15 Feb 2026)

Changed paths: M cgi-bin/DW/Captcha/reCAPTCHA.pm M cgi-bin/Plack/Middleware/DW/RateLimit.pm

Log Message:

Use LJ::get_remote_ip() instead of raw REMOTE_ADDR in Plack middleware

RateLimit.pm was reading $env->{REMOTE_ADDR} directly, which under the ALB is the load balancer's internal IP, not the client's. The Apache path uses LJ::get_remote_ip() which goes through DW::Request and picks up the real IP set by the XForwardedFor middleware. Match that behavior.

Same issue in reCAPTCHA.pm which was reading $ENV{REMOTE_ADDR} (the process-level env var) — also wrong under Plack/Starman.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications

  • Add Memory
  • Share This Entry
(0 comments)

Post a comment in response:

This account has disabled anonymous posting.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.