The Fix
Upgrade to version 0.11.4 or later.
Based on closed Kludex/uvicorn issue #589 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -2,6 +2,7 @@
from gunicorn.workers.base import Worker
+
from uvicorn.config import Config
from uvicorn.main import Server
gunicorn \
ppm_telegram_bot.api:app \
--forwarded-allow-ips="*"
--worker-class=uvicorn.workers.UvicornWorker \
--bind=0.0.0.0:$PORT
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Option A — Upgrade to fixed release\nUpgrade to version 0.11.4 or later.\nWhen NOT to use: This fix should not be used if the application does not require accurate client IP forwarding.\n\nOption C — Workaround\n— set `FORWARDED_ALLOW_IPS="*"` as env var before running gunicorn\nWhen NOT to use: This fix should not be used if the application does not require accurate client IP forwarding.\n\n
Why This Fix Works in Production
- Trigger: Uvicorn via gunicorn worker doesn't respect `--forwarded-allow-ips`
- Mechanism: Uvicorn worker does not respect Gunicorn's forwarded-allow-ips configuration, leading to incorrect client IP handling
- Why the fix works: Adds support for the `forwarded-allow-ips` configuration to the gunicorn worker in Uvicorn, addressing issue #589. (first fixed release: 0.11.4).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Uvicorn worker does not respect Gunicorn's forwarded-allow-ips configuration, leading to incorrect client IP handling
- Production symptom (often without a traceback): Uvicorn via gunicorn worker doesn't respect `--forwarded-allow-ips`
Proof / Evidence
- GitHub issue: #589
- Fix PR: https://github.com/kludex/uvicorn/pull/592
- First fixed release: 0.11.4
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.75
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Current workaround — set FORWARDED_ALLOW_IPS="*" as env var before running gunicorn”
“The suggested change sounds legit to me @b0g3r, happy to review PRs. :-) Edit: oh there's already #592. 🤦”
“I have kinda similar problem, I'd like actually to put proxy IP as forwarded-allow-ips, but when I do forwarded-allow-ips="mydomain.com" it doesn't work, I suppose that's…”
“Try "userland-proxy": false in /etc/docker/daemon.json, which makes it so the proxy can see the actual IP of the client rather than the Docker bridge.”
Failure Signature (Search String)
- Uvicorn via gunicorn worker doesn't respect `--forwarded-allow-ips`
- Gunicorn has a special option to change proxy-ip to real-ip, so I running gunicorn like this:
Copy-friendly signature
Failure Signature
-----------------
Uvicorn via gunicorn worker doesn't respect `--forwarded-allow-ips`
Gunicorn has a special option to change proxy-ip to real-ip, so I running gunicorn like this:
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Uvicorn via gunicorn worker doesn't respect `--forwarded-allow-ips`
Gunicorn has a special option to change proxy-ip to real-ip, so I running gunicorn like this:
Minimal Reproduction
gunicorn \
ppm_telegram_bot.api:app \
--forwarded-allow-ips="*"
--worker-class=uvicorn.workers.UvicornWorker \
--bind=0.0.0.0:$PORT
What Broke
Requests receive incorrect client IPs, causing issues with client identification and logging.
Why It Broke
Uvicorn worker does not respect Gunicorn's forwarded-allow-ips configuration, leading to incorrect client IP handling
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.11.4 or later.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Option C — Workaround Temporary workaround
— set `FORWARDED_ALLOW_IPS="*"` as env var before running gunicorn
Use only if you cannot change versions today. Treat this as a stopgap and remove once upgraded.
Fix reference: https://github.com/kludex/uvicorn/pull/592
First fixed release: 0.11.4
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be used if the application does not require accurate client IP forwarding.
Verify Fix
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
- Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.11.4 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.