Clerk (svix) webhooks - IP whitelist validation fails
naftulisinger
HOBBY OP

2 months ago

I'm trying to validate incoming Clerk (Svix) webhooks by checking that the request IP is in the official list at https://docs.svix.com/webhook-ips.json.

However, the requests reaching my Railway app show IPs like 100.64.0.x, which are not in that list.

It seems the real Svix IPs are not visible to my application, and I’m not sure why.

Solved $10 Bounty

2 Replies

Railway
BOT

2 months ago

Hey there! We've found the following might help you get unblocked faster:

If you find the answer from one of these, please let us know by solving the thread!


brody
EMPLOYEE

2 months ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open brody about 2 months ago


naftulisinger
HOBBY OP

2 months ago

I think I found the solution.

What’s happening

When Svix (Clerk’s webhook service) sends a request to your Railway app:

  • The request first goes through Railway’s internal load balancer or proxy.

  • Railway then forwards it to your container over its internal network.

  • As a result, in your app request.client.host appears as something like 100.64.0.x (Railway’s internal IP range), not the original Svix IP.

How to fix it

When Railway forwards the request, it sets the X-Forwarded-For header to include the original client IP address (the Svix IP).
You should trust the real client IP from the X-Forwarded-For header instead of request.client.host.


Status changed to Solved naftulisinger about 2 months ago
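
One way to apply the fix above without letting the sender choose its own IP, as an added example that is not part of the original thread or Railway's or Svix's code. Assumptions: the proxy connects from the 100.64.0.0/10 range seen in the thread and appends the address it saw as the last X-Forwarded-For entry; the allowlist JSON is a constructed stand-in using documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import json

# Assumption: requests relayed by the platform proxy arrive from this range (100.64.0.x in the thread).
TRUSTED_PROXY_NETS = [ipaddress.ip_network("100.64.0.0/10")]
# Constructed stand-in for webhook-ips.json; these are documentation addresses, not real Svix IPs.
SAMPLE_ALLOWLIST_JSON = '{"us": ["203.0.113.10", "203.0.113.11"], "eu": ["198.51.100.0/28"]}'


def load_allowlist(raw_json):
    """Collect every string in the JSON that parses as an IP or CIDR, whatever the nesting."""
    nets, stack = [], [json.loads(raw_json)]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str):
            try:
                nets.append(ipaddress.ip_network(node.strip(), strict=False))
            except ValueError:
                pass  # not an address, skip it
    return nets


def client_ip(peer_host, xff_header):
    """Return the address to check; X-Forwarded-For counts only when the peer is a trusted proxy."""
    try:
        peer = ipaddress.ip_address(peer_host)
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_PROXY_NETS):
        return peer  # direct connection: ignore whatever X-Forwarded-For the sender supplied
    # Assumption: a single trusted proxy appends the address it saw, so only the
    # rightmost entry is outside the sender's control; earlier entries can be forged.
    last = (xff_header or "").split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return None


def is_allowed(peer_host, xff_header, allowlist):
    """True when the resolved client address falls inside the allowlist."""
    ip = client_ip(peer_host, xff_header)
    return ip is not None and any(ip in net for net in allowlist)
```

In a FastAPI or Starlette handler, `peer_host` would be `request.client.host` and `xff_header` would be `request.headers.get("x-forwarded-for")`. An IP allowlist complements verifying the webhook's signature and does not replace it.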

