michalmuskala / plug_attack

A plug building toolkit for blocking and throttling abusive requests

Please explain the need for remote_ip? #23

Closed keshav-c closed 2 years ago

keshav-c commented 2 years ago

In the readme, I see this advice:

WARNING: if you're behind a proxy, like nginx or heroku's router, you need to make sure you have a plug that respects the X-Forwarded-For headers, for example: remote_ip.

This applies to me as I am currently developing an app that will be deployed behind a proxy. Any further info on why I need this, and how I should go about adding these 2 libraries --- plug_attack and remote_ip --- would be much appreciated 🙏

i.e., is this only for IP whitelisting/blacklisting type rules etc.? Or is remote_ip needed if we don't intend to put in place any IP related rules?

IvanShpotenko commented 2 years ago

What the warning says, I believe, is if you don't have a plug that respects the X-Forwarded-For headers, the correct :remote_ip won't be set in conn. That means that any rule you want to impose based on remote IP (e.g. throttle requests based on IP) won't work as intended, as you will only have access to the proxy's IP.

See this discussion for the context and why X-Forwarded-For is not overwritten by default. And here is an example plug that does the job

But if you do not intend to use any rule that depends on the IP, you should be fine.

Hope this helps!
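The mechanism described in the answer above, as an added example that is not part of this issue thread or of the plug_attack project: a plug that takes the client address from X-Forwarded-For only when the request actually arrived from a listed proxy (so a client connecting directly cannot spoof the header), placed in front of a PlugAttack throttle rule keyed on conn.remote_ip. The module names, the trusted proxy list and the storage name are assumptions.

```elixir
defmodule MyApp.TrustedForwardedIp do
  # Hypothetical module: rewrites conn.remote_ip from X-Forwarded-For, but only
  # when the TCP peer is one of the configured proxies. Without that check any
  # client could send the header itself and pick the IP the throttle rule sees.
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: Keyword.fetch!(opts, :trusted_proxies)

  @impl true
  def call(conn, trusted_proxies) do
    # remote_ip is an :inet tuple, e.g. {10, 0, 0, 1}, so trusted_proxies is a
    # list of such tuples (assumed config value, see the endpoint below).
    with true <- conn.remote_ip in trusted_proxies,
         [header | _] <- get_req_header(conn, "x-forwarded-for"),
         {:ok, ip} <- header |> client_from_chain() |> parse_ip() do
      %{conn | remote_ip: ip}
    else
      _ -> conn
    end
  end

  # Each proxy appends its peer; with one trusted proxy in front of the app the
  # left-most entry is the client. Adjust for deeper chains.
  defp client_from_chain(header) do
    header |> String.split(",") |> List.first() |> String.trim()
  end

  defp parse_ip(str), do: :inet.parse_address(String.to_charlist(str))
end

defmodule MyApp.ThrottlePlug do
  # Hypothetical module: a PlugAttack rule keyed on whatever remote_ip is at
  # this point in the pipeline, which is why the plug above must run first.
  use PlugAttack

  rule "throttle by ip", conn do
    throttle conn.remote_ip,
      period: 60_000,
      limit: 60,
      storage: {PlugAttack.Storage.Ets, MyApp.PlugAttack.Storage}
  end
end

# In the endpoint, order matters (assumed proxy address):
#   plug MyApp.TrustedForwardedIp, trusted_proxies: [{10, 0, 0, 1}]
#   plug MyApp.ThrottlePlug
# and the ETS storage is started in the supervision tree as
#   {PlugAttack.Storage.Ets, name: MyApp.PlugAttack.Storage, clean_period: 60_000}
```

If the forwarding plug is omitted or placed after the throttle rule, every request behind the proxy shares the proxy's address as its key and the limit applies to all clients together.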