jshttp / proxy-addr

Determine address of proxied request


x-real-ip not seen as proxy address

jetersen opened this issue · comments

I am trying to update express-ipfilter, where the suggestion was to switch to proxy-addr to find proxied IPs.

We have some tests for x-real-ip, and I assume users who rely on x-real-ip would be blocked from their blacklist if I were to release now.

I can, of course, fix it in express-ipfilter, but I would prefer to fix it upstream.

Hi! Thanks for opening this issue. I'm not familiar with the X-Real-IP HTTP header, but reading everything I could find on it, it seems that there is no purpose in it being supported in this module, since there is no trust needed to establish on that header.

From my understanding, the way the X-Forwarded-For header works is that each intermediary appends the client IP it had to that header, creating a list of IPs of all the intermediaries. In order to know which is the one you trust, this module was created to walk the chain and stop at the last intermediary boundary trusted.

It seems that the X-Real-IP header is just a single IP, never a list. The purpose of that header seems to be in order to avoid the whole walking of the X-Forwarded-For chain, and thus the need to even use this module. This is because X-Real-IP is just a single IP of the client without the list of intermediaries.

But perhaps I am wrong here? Can you link to the specification or relevant implementations implementing X-Real-IP header so I can better understand it in order to be able to implement something in this module around the header?

Closing due to no response.
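
The chain walk described in this thread, next to the single-value X-Real-IP case, as an added example that is not code from proxy-addr or express-ipfilter. The function names, the exact-match trust set and the sample addresses are assumptions made for illustration; honoring X-Real-IP only when the socket peer is trusted is one possible policy for an IP filter, not the module's behavior.

```javascript
// Added example: names and addresses are constructed for illustration.
const TRUSTED = new Set(['10.0.0.1', '10.0.0.2']); // assumed proxy addresses
const isTrusted = (addr) => TRUSTED.has(addr);

// Split X-Forwarded-For into a list, leftmost (client-supplied) entry first.
function parseForwarded(header) {
  return (header || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
}

// Walk from the socket peer back through X-Forwarded-For and stop at the
// first address that is not a trusted intermediary. Entries to the left of
// that boundary were supplied by an untrusted party and are ignored.
function clientFromChain(socketAddr, headers, trust) {
  const forwarded = parseForwarded(headers['x-forwarded-for']).reverse();
  const chain = [socketAddr, ...forwarded];
  for (let i = 0; i < chain.length - 1; i++) {
    if (!trust(chain[i])) return chain[i];
  }
  return chain[chain.length - 1]; // every hop was trusted: furthest entry
}

// X-Real-IP is a single value, so there is no chain to walk. It is only
// believed when the socket peer itself is a trusted proxy; otherwise the
// header came straight from the client and the socket address is used.
function clientFromRealIp(socketAddr, headers, trust) {
  const value = (headers['x-real-ip'] || '').trim();
  return trust(socketAddr) && value ? value : socketAddr;
}
```

An allow/deny decision made on either return value then depends only on addresses reported by trusted hops, never on a header the requester controls.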