The perils of the “real” client IP
https://adam-p.ca/blog/2022/03/x-forwarded-for/ [adam-p.ca]
2022-03-05 22:36
The state of getting the “real client IP” using X-Forwarded-For and other HTTP headers is terrible. It’s done incorrectly, inconsistently, and the result is used inappropriately. This leads to security vulnerabilities in a variety of projects, and will certainly lead to more in the future.
source: HN