10 months ago
I'm implementing some rate limiting for a service that I don't want to enforce for requests made from my other services via private networking, but do want to apply to any traffic coming in from the outside world. What's the best way to tell when a request originated from within the private network, without requiring anything additional on the requesting service's side?
3 Replies
10 months ago
You can check for proxy specific headers?
Check for headers such as X-Request-Start or X-Railway-Request-Id
These headers will only be present on public requests and will not ever exist on requests that originate from within the private network, they also could never be maliciously removed from public requests by a user because we explicitly set them on our proxy layer.
10 months ago
!s
Status changed to Solved brody • 10 months ago