Merge pull request #7696 from erikjanwestendorp/update-api-rate-limiting

Update api rate limiting

Author: sofietoft

13/umbraco-cms/reference/security/api-rate-limiting.md

@@ -255,4 +255,8 @@ public class ApiRateLimiterComposer : IComposer
     }
 }
 ```
-{% endcode %}
+{% endcode %}
+
+{% hint style="info" %}
+When Umbraco runs behind a WAF or reverse proxy, rate-limiting may fail if the client IP address is not forwarded correctly. Configure your proxy or WAF to send the original client IP using headers like X-Forwarded-For. This will prevent all requests appearing to come from one IP address which would cause incorrect rate-limit enforcement.
+{% endhint %}

16/umbraco-cms/reference/security/api-rate-limiting.md

@@ -255,4 +255,8 @@ public class ApiRateLimiterComposer : IComposer
     }
 }
 ```
-{% endcode %}
+{% endcode %}
+
+{% hint style="info" %}
+When Umbraco runs behind a WAF or reverse proxy, rate-limiting may fail if the client IP address is not forwarded correctly. Configure your proxy or WAF to send the original client IP using headers like X-Forwarded-For. This will prevent all requests appearing to come from one IP address which would cause incorrect rate-limit enforcement.
+{% endhint %}

17/umbraco-cms/reference/security/api-rate-limiting.md

@@ -255,4 +255,8 @@ public class ApiRateLimiterComposer : IComposer
     }
 }
 ```
-{% endcode %}
+{% endcode %}
+
+{% hint style="info" %}
+When Umbraco runs behind a WAF or reverse proxy, rate-limiting may fail if the client IP address is not forwarded correctly. Configure your proxy or WAF to send the original client IP using headers like X-Forwarded-For. This will prevent all requests appearing to come from one IP address which would cause incorrect rate-limit enforcement.
+{% endhint %}