Closed Dexus closed 7 years ago
Thanks for pointing that out on that commit's comment.
at ion, an iris-based framework too, we fixed that with the following options: WithRemoteAddrHeader/WithoutRemoteAddrHeader
that can be passed to the app.Run
.
You're free to see the code and apply these fixes on this repo too, the commit is: https://github.com/get-ion/ion/commit/a4e550dc37b0d27384c3b84c1015de1db4009d3b
Best regards from @get-ion !
@hiveminded please note "CF-Connecting-IP" not "HTTP_CF_CONNECTING_IP" cause of real headers and not a PHP/FCGI Client or Server that change the header to UPPERCASE and prefixing the header names to prevent overwriting the environments...
Make real ip headers only change the remoteAddress when the config is set else visitors are able to fake own ip addresses... Make config variable to enable differend types of "proxys".