feat: Allow support for trusted IPs to disable throttling (#11226)

Co-authored-by: Pranav <pranav@chatwoot.com>
2025-05-08 20:10:30 -03:00
parent 823c3df27f
commit c73f8aefc5
2 changed files with 17 additions and 4 deletions
--- a/.env.example
+++ b/.env.example
@@ -2,7 +2,7 @@
 # https://www.chatwoot.com/docs/self-hosted/configuration/environment-variables/#rails-production-variables

 # Used to verify the integrity of signed cookies. so ensure a secure value is set
-# SECRET_KEY_BASE should be alphanumeric. Avoid special characters or symbols. 
+# SECRET_KEY_BASE should be alphanumeric. Avoid special characters or symbols.
 # Use `rake secret` to generate this variable
 SECRET_KEY_BASE=replace_with_lengthy_secure_hex

@@ -216,6 +216,8 @@ ANDROID_SHA256_CERT_FINGERPRINT=AC:73:8E:DE:EB:56:EA:CC:10:87:02:A7:65:37:7B:38:
 # ENABLE_RACK_ATTACK=true
 # RACK_ATTACK_LIMIT=300
 # ENABLE_RACK_ATTACK_WIDGET_API=true
+# Comma-separated list of trusted IPs that bypass Rack Attack throttling rules
+# RACK_ATTACK_ALLOWED_IPS=127.0.0.1,::1,192.168.0.10

 ## Running chatwoot as an API only server
 ## setting this value to true will disable the frontend dashboard endpoints
@@ -257,4 +259,3 @@ AZURE_APP_SECRET=
 # Set to true if you want to remove stale contact inboxes
 # contact_inboxes with no conversation older than 90 days will be removed
 # REMOVE_STALE_CONTACT_INBOX_JOB_STATUS=false
-