Some security features rely on the client's IP address.
- Rate limiting and logging use the IP address from the request.
- If users are behind a VPN or proxy, the IP may not reflect the real client.
- The
X-Forwarded-Forheader is checked to obtain the original IP when available.
- If deploying behind a proxy or load balancer, ensure it forwards the
X-Forwarded-Forheader.