rpc: add option to `whitelist ips` in rate limiting (#3701)
This PR adds two new CLI options to disable rate limiting for certain ip addresses and whether to trust "proxy header". After going back in forth I decided to use ip addr instead host because we don't want rely on the host header which can be spoofed but another solution is to resolve the ip addr from the socket to host name. Example: ```bash $ polkadot --rpc-rate-limit 10 --rpc-rate-limit-whitelisted-ips 127.0.0.1/8 --rpc-rate-limit-trust-proxy-headers ``` The ip addr is read from the HTTP proxy headers `Forwarded`, `X-Forwarded-For` `X-Real-IP` if `--rpc-rate-limit-trust-proxy-headers` is enabled if that is not enabled or the headers are not found then the ip address is read from the socket. //cc @BulatSaif can you test this and give some feedback on it?
Please register or sign in to comment