This PR changes the behaviour of KeyByIP and LimitByIP to use the ip address from the http connection (request.RemoteAddr), as opposed to parsing it from the headers.
The PR also introduces KeyByRealIP and LimitByRealIP which will use headers like True-Client-IP, etc. to detect the IP address. You can use this if you trust the upstream load balancer to be serving you the correct True-Client-IP address (ie. like with Cloudflare which works well).
note: slightly breaking change
This PR changes the behaviour of
KeyByIP
andLimitByIP
to use the ip address from the http connection (request.RemoteAddr), as opposed to parsing it from the headers.The PR also introduces
KeyByRealIP
andLimitByRealIP
which will use headers like True-Client-IP, etc. to detect the IP address. You can use this if you trust the upstream load balancer to be serving you the correct True-Client-IP address (ie. like with Cloudflare which works well).