❓ What?
The X-Forwarded-For is a request header that should contain the originating IP address (client IP) and the proxies that the client passes through.
For example:
is of the format: client, proxy1
where client is my home IP address and proxy1 is Cloudflare.
❔ Why?
The header is important to indicate to the backend that the client might be passing through a proxy.
If the header is absent, or if the proxy is not trusted by the backend, the proxy is assumed to be the originating IP, and all applications simply see one (or multiple) IPs as the client IPs, which are actually the IPs of the proxy / load-balancer.
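The trust decision described above, as an added example that is not part of the original note: a backend only honours X-Forwarded-For when the connecting peer is a trusted proxy, and otherwise treats the peer itself as the client. It goes slightly beyond the note by walking a multi-hop header right to left so that entries a client prepends itself are ignored. The function names and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample value (RFC 5737 documentation range), not a real proxy range.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address the backend should treat as the client.

    peer_addr  -- IP of the TCP connection the backend actually sees
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    # Untrusted peer: anything it wrote in the header is ignored.
    # Missing header: nothing to learn, so the peer is the client.
    if not is_trusted(peer_addr, trusted) or not xff_header:
        return peer_addr

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    candidate = peer_addr
    # Walk right to left: each trusted proxy vouches only for the entry
    # it appended, so stop at the first address that is not a trusted proxy.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last validated address
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return candidate
```
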
👓 References
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
https://www.authelia.com/integration/proxies/forwarded-headers/