Skip to content

Reduce unnecessary calls to Rack::Request.ip_filter #2287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ioquatix merged 2 commits into from
Feb 21, 2025
Merged

Reduce unnecessary calls to Rack::Request.ip_filter #2287

ioquatix merged 2 commits into from
Feb 21, 2025

Conversation

@willbryant
Copy link
Contributor

@willbryant willbryant commented Feb 21, 2025

Previously this was typically invoked for every address found in REMOTE_ADDR/HTTP_FORWARDED/HTTP_X_FORWARDED_FOR. When ip_filter matches against several hundred IP ranges (eg. Cloudfront IP ranges), whole ms could be wasted.

Now it'll only be invoked until one acceptable address is found.

@willbryant
Reduce unnecessary calls to Rack::Request.ip_filter
706e988 
Previously this was typically invoked for every address found in REMOTE_ADDR/HTTP_FORWARDED/HTTP_X_FORWARDED_FOR. When ip_filter matches against several hundred IP ranges (eg. Cloudfront IP ranges), whole ms could be wasted.

Now it'll only be invoked until one acceptable address is found.
jeremyevans
jeremyevans approved these changes Feb 21, 2025
View reviewed changes
Copy link
Contributor

@jeremyevans jeremyevans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this!

@ioquatix
Copy link
Member

ioquatix commented Feb 21, 2025

@willbryant do you mind adding an entry to the changelog?

ioquatix
ioquatix approved these changes Feb 21, 2025
View reviewed changes
Copy link
Member

@ioquatix ioquatix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with this. Of note, is that rejected_trusted_ip_addresses was removed, a public interface. Of course, it's no longer useful and was probably an implementation detail, and I checked GitHub code search and could not see any usage in the wild.

@willbryant
Copy link
Contributor Author

willbryant commented Feb 21, 2025

Yeah, I did wonder about that - and came to the same conclusion, but do you think I should restore it until a future major release to be on the safe side?

@ioquatix
Copy link
Member

ioquatix commented Feb 21, 2025

One option is to restore it and add a deprecation note to it. It is the safest approach. However, it also makes more work for maintainers. So, I'm okay with either option. Let's see what @jeremyevans thinks.

@jeremyevans
Copy link
Contributor

jeremyevans commented Feb 21, 2025

I'm okay with this. Of note, is that rejected_trusted_ip_addresses was removed, a public interface. Of course, it's no longer useful and was probably an implementation detail, and I checked GitHub code search and could not see any usage in the wild.

Are you sure it was public? It comes after the private keyword.

@ioquatix
Copy link
Member

ioquatix commented Feb 21, 2025

Ah yeah you are right, it's way up there haha.

@ioquatix ioquatix merged commit cf24be2 into rack:main Feb 21, 2025
16 checks passed
@willbryant willbryant mentioned this pull request Feb 21, 2025
Closed
@willbryant willbryant deleted the optimize_request_ip branch February 21, 2025 22:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeremyevans jeremyevans jeremyevans approved these changes

@ioquatix ioquatix ioquatix approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@willbryant @ioquatix @jeremyevans