Fix Proxy web server middleware order

The limiter middleware was being executed prior to the middleware responsible updating the client IP from X-Forwarded-For headers. This results in erroneously enforcing connection limits in NAT environments.
gravitational · Jan 22, 2025 · a944f46 · a944f46
1 parent aebfaf7
commit a944f46
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/service/service.go b/lib/service/service.go
@@ -4984,8 +4984,8 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
 			Server: &http.Server{
 				Handler: utils.ChainHTTPMiddlewares(
 					webHandler,
-					makeXForwardedForMiddleware(cfg),
 					limiter.MakeMiddleware(proxyLimiter),
+					makeXForwardedForMiddleware(cfg),
 					httplib.MakeTracingMiddleware(teleport.ComponentProxy),
 				),
 				// Note: read/write timeouts *should not* be set here because it