asobi_peer (asobi v0.35.4)

View Source

Client-IP extraction shared across HTTP and WebSocket entry points, used as the rate-limiter key.

By default this returns cowboy_req:peer/1 (the socket peer). When the engine runs behind a trusted reverse proxy (Traefik/ingress/LB), the socket peer is the proxy, so every client collapses into one rate-limit bucket. Configure the proxy's address range so the real client is read from X-Forwarded-For:

{asobi, [{trusted_proxies, [~"10.0.0.0/8", ~"::1/128"]}]}

X-Forwarded-For is honored ONLY when the socket peer is itself within a configured trusted range; otherwise it is ignored (an untrusted client must not be able to choose its own rate-limit key). With no trusted_proxies configured, behavior is identical to reading the socket peer directly.

Summary

Functions

client_ip(Req)

-spec client_ip(cowboy_req:req() | map()) -> binary().