Search code examples
phplaravelbandwidth-throttling

Throttle issue with server accessing a Laravel API


I have an API that is using Laravel that is being called from another instance of Laravel with Guzzle.

The second server's IP address is triggering the throttle on the API.

I would like to pass through the user's domain and IP address from the second server to the API. I am hoping not to recode the Throttle middleware.

I am wondering if anyone has faced this before and if so how they solved it.

The middleware group on the API is set up like this

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'api' => [
        'throttle:60,1',
        \Barryvdh\Cors\HandleCors::class,
        'bindings',
    ],
];

relevant throttle code

/**
 * Resolve request signature.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return string
 *
 * @throws \RuntimeException
 */
protected function resolveRequestSignature($request)
{
    if ($user = $request->user()) {
        return sha1($user->getAuthIdentifier());
    }
    if ($route = $request->route()) {
        return sha1($route->getDomain().'|'.$request->ip());
    }
    throw new RuntimeException('Unable to generate the request signature. Route unavailable.');
}

Solution

  • You can pass the client's IP address with the X_FORWARDED_FOR header, that way the IP address of the second server is not blocked.

    Route::get('/', function (Request $request) {
    
        $client = new \GuzzleHttp\Client();
    
        $request = $client->request('GET', '/api/example', [
            'headers' => ['X_FORWARDED_FOR' => $request->ip()]
        ]);
    
        $response = $request->getBody();
    
    });
    

    On your main server you need to add your second server as a trusted proxy (docs) to App\Http\Middleware\TrustProxies in order to take the IP from this header.

    class TrustProxies extends Middleware
    {
        /**
         * The trusted proxies for this application.
         *
         * @var array
         */
        protected $proxies = [
            '192.168.1.1', // <-- set the ip of the second server here 
        ];
    
        //...
    }
    

    Now every call to $request->ip() on the main server will have the original client IP instead of the second server's IP. That will also affect the throttling.